US7944355B2 - Security techniques in the RFID framework - Google Patents

Security techniques in the RFID framework

Publication number
US7944355B2
Authority
US
United States
Prior art keywords
rfid
security
network
component
threat
Prior art date
Legal status
Active, expires
Application number
US11/141,533
Other versions
US20060055508A1 (en)
Inventor
Anush Kumar
Balasubramanian Sriram
Mohamed Fakrudeen Ali Ahmed
Janaki Ram Goteti
Abhishek Agarwal
Ramachandran Venkatesh
Current Assignee
Microsoft Technology Licensing LLC
Original Assignee
Microsoft Corp
Priority date
Filing date
Publication date
Application filed by Microsoft Corp
Priority to US11/141,533
Assigned to MICROSOFT CORPORATION. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: AGARWAL, ABHISHEK; VENKATESH, RAMACHANDRAN; AHMED, MOHAMED FAKRUDEEN ALI; GOTETI, JANAKI RAM; SRIRAM, BALASUBRAMANIAN; KUMAR, ANUSH
Publication of US20060055508A1
Application granted
Publication of US7944355B2
Assigned to MICROSOFT TECHNOLOGY LICENSING, LLC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: MICROSOFT CORPORATION

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F21/35 User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/08 Logistics, e.g. warehousing, loading or distribution; Inventory or stock management
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/08 Logistics, e.g. warehousing, loading or distribution; Inventory or stock management
    • G06Q10/087 Inventory or stock management, e.g. order filling, procurement or balancing against orders

Definitions

  • RFID: Radio Frequency Identification
  • RFID is a technique of remotely storing and retrieving data utilizing RFID tags. Since RFID systems are based upon radio frequency and associated signals, they offer numerous benefits and/or advantages over traditional techniques in monitoring products. RFID technology does not require a line of sight in order to monitor products and/or receive signals from RFID tags. Thus, no manual scan is necessary wherein the scanner is required to be in close proximity of the target (e.g., product). Yet, range is limited in RFID based upon radio frequency, RFID tag size, and associated power source.
  • RFID systems allow multiple reads within seconds providing quick scans and identification.
  • an RFID system allows a plurality of tags to be read and/or identified when the tags are within a range of an RFID reader.
  • The capability of multiple reads in an RFID system is complemented by the ability to provide informational tags that contain a unique identification code for each individual product.
  • RFID systems and/or methodologies provide real-time data associated with a tagged item.
  • Real-time data streams allow a retailer, distributor, and/or manufacturer the ability to monitor inventory and/or products with precision.
  • Utilizing RFID can further facilitate supplying products on a front-end distribution (e.g., retailer to consumer) and a back-end distribution (e.g., distributor/manufacturer to retailer).
  • Distributors and/or manufacturers can monitor shipments of goods, quality, amount, shipping time, etc.
  • retailers can track the amount of inventory received, location of such inventory, quality, shelf life, etc.
  • the described benefits demonstrate the flexibility of RFID technology to function across multiple domains such as, front-end supply, back-end supply, distribution chains, manufacturing, retail, automation, etc.
  • An RFID system consists of at least an RFID tag and an RFID transceiver.
  • the RFID tag can contain an antenna that provides reception and/or transmission to radio frequency queries from the RFID transceiver.
  • the RFID tag can be a small object, such as, for example, an adhesive sticker, a flexible label and integrated chip, etc.
  • an RFID system can include multiple components: tags, tag readers (e.g., tag transceivers), tag writers, tag-programming stations, circulation readers, sorting equipment, tag inventory wands, etc.
  • RFID systems are exposed to security threats based solely on the characteristics which out-perform traditional and/or conventional systems.
  • The RFID systems and devices are vulnerable and would be inept but for the security measures associated therewith.
  • With the growth of RFID systems, and in particular RFID devices, enhancing and improving security is an increasing concern to protect the quality and integrity of such devices and systems.
  • the subject invention relates to systems and/or methods that facilitate employing security to an RFID network.
  • a security component can incorporate a role-based authorization model associated with an operating system to an RFID network to provide various security levels, wherein the RFID network can be a collection of devices that form a sub-system based at least in part upon a process, a location, an event, and/or functionality.
  • the security component can utilize the role-based authorization model from the operating system to prevent malicious attacks in relation to at least one of a manipulation of a process within the RFID network and the accessibility and/or utilization of a device (e.g., an RFID reader, an RFID writer, an RFID printer, a printer, a reader, a writer, an RFID transmitter, an antenna, a sensor, a real-time device, an RFID receiver, a real-time sensor, a device extensible to a web service, and a real-time event generation system) within the RFID network.
  • the security component can include a role component that can create an RFID administrator and an RFID user group with respective permissions.
  • the RFID administrator can manipulate the process within the RFID network, wherein the manipulation can be an execution, a modification, a creation, a deletion (e.g., a termination), and/or a deployment (e.g., an initiation).
  • the RFID administrator can incorporate a user and/or a group from the operating system, wherein the user/group hierarchy is implemented within the RFID network.
  • the RFID administrator can dictate permissions to a user and/or a group in relation to a more restricted manipulation of such processes.
  • the user and/or group that have been permitted to the restricted manipulations of the process can further dictate permission related to the restricted manipulation of such processes.
  • the RFID administrator can dictate permissions related to the access and/or utilization of the device within the RFID network.
  • the security component can include an analyzer component that can determine the characteristics related to the authorization model within the operating system to facilitate integrating such roles into the RFID network. Moreover, the analyzer component can determine various vulnerabilities and/or threats associated with the RFID network, wherein such detected weaknesses can be eliminated via track model analysis. In accordance with another aspect, the security component can utilize a manager component that manages at least one of a role and permission associated with the RFID network.
  • the security component can include a threat component that can utilize track model analysis, wherein a threat can be determined and adequate protection can be provided accordingly.
  • the threat component can detect various threats by manual techniques, automatic techniques, and/or any combination thereof to dynamically perceive various threats and/or security vulnerabilities in relation to the RFID network.
  • the threat component can detect threats associated to the manipulation of the process within the RFID network and/or the accessibility and/or utilization of a device within the RFID network.
  • the security component can further include an API component.
  • the API component can modify permissions associated with at least one of an RFID administrator and an RFID user group.
  • the security component can include a notification component that can notify an administrator of a breach, potential breach, and/or an attempted breach. Also, the notification component can notify the administrator of an internal breach and/or an external breach.
  • methods are provided that facilitate employing security to an RFID network.
  • FIG. 1 illustrates a block diagram of an exemplary system that facilitates employing a security technique to an RFID network.
  • FIG. 2 illustrates a block diagram of an exemplary system that facilitates invoking a role-based authorization model to an RFID network utilizing an operating system.
  • FIG. 3 illustrates a block diagram of an exemplary system that facilitates implementing a role-based security technique to an RFID network in conjunction with an operating system.
  • FIG. 4 illustrates a block diagram of an exemplary system that facilitates providing at least one security technique to an RFID network in association with an operating system.
  • FIG. 5 illustrates a block diagram of an exemplary system that facilitates employing a role-based authorization to an RFID network.
  • FIG. 6 illustrates a block diagram of an exemplary system that facilitates employing a security technique to an RFID network.
  • FIG. 7 illustrates an exemplary methodology for invoking a role-based authorization model to an RFID network utilizing an operating system.
  • FIG. 8 illustrates an exemplary methodology that facilitates providing at least one security technique to an RFID network in association with an operating system.
  • FIG. 9 illustrates an exemplary networking environment, wherein the novel aspects of the subject invention can be employed.
  • FIG. 10 illustrates an exemplary operating environment that can be employed in accordance with the subject invention.
  • a component can be a process running on a processor, a processor, an object, an executable, a program, and/or a computer.
  • an application running on a server and the server can be a component.
  • One or more components can reside within a process and a component can be localized on one computer and/or distributed between two or more computers.
  • FIG. 1 illustrates a system 100 that facilitates employing a security technique to radio frequency identification (RFID) network.
  • a security component 102 can employ a security technique to an RFID network 104 based at least in part upon a characteristic associated with an operating system 108 .
  • the security component 102 can provide protection against security breaches aimed toward a process within the RFID network 104 and/or a device within the RFID network 104 .
  • the process and/or device within the RFID network 104 are key assets within a server infrastructure which can be exposed to various threats that could arise out of malicious attacks.
  • the security component 102 can protect the process and/or device, wherein the process can be a deployable RFID process that models the logical processing pipeline for a system of device and/or device collections and the device is part of the physical device collection that the process can communicate.
  • the device can be, but is not limited to, an RFID reader, an RFID writer, an RFID printer, a printer, a reader, a writer, an RFID transmitter, an antenna, a sensor, a real time device, an RFID receiver, a real time sensor, a device extensible to a web service, a real time event generation system, etc.
  • Although the security component 102 is depicted to be a stand-alone component, it is to be appreciated that the security component 102 can be incorporated into the RFID network 104 , the operating system 108 , and/or any combination thereof.
  • the RFID network 104 can include at least one RFID device that is associated with at least one RFID process. It is to be appreciated that the RFID process can utilize any suitable number of devices within the RFID network 104 .
  • the process can be related to a particular RFID sub-system (e.g., an RFID server, RFID network, etc.) that is an uber or high-level object that forms together various entities to create a meaningful unit of execution.
  • the process can be an outbound process (e.g., pick, pack, shipping scenario, etc.), a manufacturing process, a shipping process, a receiving process, tracking, data representation, data manipulation, data application, security, etc.
  • the process can include an RFID device service, a tag read, an event (e.g., a tag read, a tag read error, a device up event, a device down event, and a management event), a tag write, a device configuration, a geographic tracking, a number count, etc.
  • the security component 102 can invoke security measures to the RFID network 104 to secure and/or protect the process and/or device to deter malicious attacks.
  • the security component 102 can protect devices associated with a process and the process that utilizes such devices.
  • the operating system 108 can be any suitable operating system that utilizes a role-based authorization model and/or data.
  • the operating system 108 can incorporate an administrator, a group, and/or a user.
  • Such role-based authorization allows tiered levels (e.g., hierarchy) of authorization based at least in part upon the administrator's discretion.
  • the group can be configured based on roles that users play in an organization such as warehouse manager, warehouse employee, DC manager, store employee, etc.
  • Such groups can be selectively assigned various security levels, wherein a particular user and/or group can be given rights to perform specific tasks.
  • the security component 102 can incorporate the role-based authorization model and/or data associated with the operating system 108 to provide substantially similar security and/or authorization in relation to the RFID network 104 .
  • the security component 102 can provide role-based authorization to a process and/or a device within the RFID network 104 .
  • manipulations associated with processes and/or utilization of devices within the RFID network 104 can be restricted based at least in part upon the role-based authorization model within the operating system 108 .
  • the system 100 further includes an interface component 106 , which provides various adapters, connectors, channels, communication paths, etc. to integrate the security component 102 into virtually any operating and/or database system(s).
  • the interface component 106 can provide various adapters, connectors, channels, communication paths, etc., that provide for interaction with the security component 102 , the RFID network 104 , and the operating system 108 .
  • Although the interface component 106 is incorporated into the security component 102 , such implementation is not so limited.
  • the interface component 106 can be a stand-alone component to receive or transmit data in relation to the system 100 .
  • FIG. 2 illustrates a system 200 that facilitates invoking a role-based authorization model and/or data to an RFID network utilizing an operating system.
  • a security component 202 can invoke at least one security measure based at least in part upon an authorization model 210 within an operating system 208 to an RFID network 204 .
  • the security component 202 can provide a role-based authorization and/or protection that can be applied to a device (not shown) and/or a process 206 within the RFID network 204 . It is to be appreciated that although one process 206 is depicted within the RFID network 204 , the subject invention is not so limited and a plurality of processes can exist therein.
  • the authorization model 210 can be utilized by the security component 202 to implement a substantially similar security technique to the RFID network 204 , and in particular to the manipulation of the process 206 and/or the accessibility of the device (e.g., a process level and/or a device level). It is to be appreciated that the security component 202 , the operating system 208 , and the RFID network 204 can be substantially similar to the security component 102 , the operating system 108 , and the RFID network 104 as depicted in FIG. 1 .
  • the security component 202 can invoke security techniques in relation to the process 206 and/or the device(s) within the RFID network 204 .
  • the operating system 208 can contain an administrator, a warehouse manager group, and a warehouse employee group, wherein each group contains at least one user. In other words, the operating system 208 utilizes a role-based authorization model and/or data.
  • the security component 202 can create an additional administrator (e.g., RFID administrator) and at least one group (e.g., RFID user group), wherein users and/or groups within the operating system 208 can be incorporated into the RFID network 204 providing various security layers.
  • the rights associated with the RFID administrator and the RFID user group can be disparate and/or pre-defined based at least in part upon the security that is to be implemented. For example, the rights of the RFID administrator are supreme in relation to any user therewith.
  • the security component 202 can incorporate the role-based authorization model 210 within the operating system 208 to secure and/or protect the process(es) 206 and/or devices within the RFID network 204 .
  • the RFID network 204 can include at least one device (e.g., an RFID reader, an RFID writer, an RFID printer, a printer, a reader, a writer, an RFID transmitter, an antenna, a sensor, a real-time device, an RFID receiver, a real-time sensor, a device extensible to a web service, a real-time event generation, etc.) that is associated with at least one RFID process 206 .
  • the RFID network 204 can include various sub-systems based at least in part upon location, function, and/or process 206 .
  • an RFID network 204 can be two groups and/or collections of devices, one at a shipping door and another at a receiving door.
  • Such RFID network 204 can further include a process 206 associated with each group and/or collection of devices based at least in part upon the group and/or collection name, location, and/or process name.
  • the process 206 can be a shipping process that is related to the devices at the shipping door, wherein the devices can collect data at such location.
  • another process 206 can be a receiving process that is related to the devices at the receiving door, wherein the devices can collect data at such location.
  • the security component 202 can secure and/or protect the manipulation of the process 206 and/or the accessibility of the device within the RFID network 204 based at least in part upon the role-based authorization model 210 associated with the operating system 208 .
  • the process 206 is an uber and/or high-level object that can provide a meaningful unit of execution.
  • the process 206 can be a shipping process that represents multiple devices at various dock doors working together to perform tag reads, filtering, read enrichment, alert evaluation, and data storage in a sink for a host application to retrieve/process.
  • the process 206 can execute a manufacturing process, wherein devices are configured to read as well as write dependent upon a location. Moreover, additional functions such as filtering, enriching, etc. can be implemented at the location.
  • the process 206 can write to a tag process, wherein a tag can be written in real-time based at least upon an input.
  • the write process can also check if the write succeeded by reading and passing data back to the host.
  • a manipulation (e.g., creation, execution, deployment, modification, deletion, an initiation, and a termination, . . . ) of the process 206 can be secured and/or protected by the security component 202 .
  • the security component 202 can provide access to the process 206 and the device based at least in part upon a list of authorization groups associated with the process 206 .
  • the authorization group consists of a user-defined name for the authorization group, a flag specifying the read-execute/modify-delete/both access level, and a list of operating system users and/or groups. It is to be appreciated that the list can be potentially extended to Structured Query Language (SQL) users and/or roles.
  • Such an authorization group can be a named object that, when associated with the process 206 and device artifacts, specifies the list of RFID store users and the access level to that artifact for all of them.
  • FIG. 3 illustrates a system 300 that facilitates implementing a role-based security technique to an RFID network in conjunction with an operating system.
  • a security component 302 protects and/or secures the manipulation of a process 306 and/or the accessibility of a device (not shown) within an RFID network 304 based at least in part upon an authorization model 310 associated with an operating system 308 .
  • the security component 302 can provide a first security layer related to the process 306 and a second security layer related to at least one device. It is to be appreciated that the security component 302 , the operating system 308 , and the RFID network 304 can be substantially similar to the security component 202 , 102 , the operating system 208 , 108 , and the RFID network 204 , 104 of FIGS. 2 and 1 respectively.
  • the security component 302 can include a role component 312 that can initiate and/or apply a general role and/or a role permission/right/attribute to provide security within the RFID network 304 .
  • the role component 312 can provide at least one guideline and/or rights to be enforced in association with the role-based authorization model 310 associated with the operating system 308 .
  • the guidelines and/or rights relating to the manipulation of the process 306 and/or utilization of a device with the process 306 can be based at least in part upon a track model analysis that facilitates the limitation of at least one threat to the system 300 .
  • the role-based authorization model 310 can be incorporated into the RFID network 304 , wherein specific rights and/or attributes can be assigned accordingly.
  • the role component 312 can utilize two general roles such as an RFID administrator and at least one RFID user group containing at least one user, wherein the RFID administrator and the RFID user group have respective attributes, guidelines, and/or rights.
  • the roles (e.g., warehouse manager, warehouse employee, dc manager, store employee, etc.) associated with the operating system 308 can be assigned (e.g., by the RFID administrator) to the RFID user group to reflect a substantially similar hierarchy.
  • the RFID administrator can manipulate (e.g., create, execute, deploy, modify, delete, . . . ) any process 306 within the RFID network 304 .
  • the RFID administrator can add any user to have limited rights to a specific process or processes.
  • the user can create, modify, and execute the process 306 and add another user to the particular process.
  • the RFID administrator can further dictate permissions related to device accessibility and/or utilization of devices with the process 306 .
  • the user regardless of rights to the process 306
  • the role component 312 can incorporate rights according to the above examples, wherein the RFID administrator can dictate permissions of the incorporated users and/or groups from the operating system 308 .
  • the RFID administrator can remove and/or retract a user's permission list.
  • the security component 302 can include an analyzer component 314 that can analyze various data associated with the system 300 to facilitate employing security techniques to provide protection to at least one of the manipulation of the process 306 and/or utilization of a device within the RFID network 304 .
  • the analyzer component 314 can analyze the operating system 308 and determine the role-based authorization model 310 associated therewith to incorporate such roles into the RFID network 304 .
  • the analyzer component 314 can determine the various roles associated with the operating system 308 which allows the role component 312 to incorporate such roles with respective rights.
  • the analyzer component 314 can analyze possible threats and/or breaches to the security relating to at least one of the manipulation of the process 306 and/or utilization/accessibility of a device. In other words, the analyzer component 314 can determine a possible breach within security and incorporate the appropriate roles and/or rights to eliminate such breach possibility.
  • the security component 302 can further include a manager component 316 that manages the roles, attributes, and/or rights associated with the security component 302 .
  • the manager component 316 can provide the addition of groups, creation of groups, deletion of groups, right assignment, etc. in relation to the security component 302 .
  • the manager component 316 can edit (e.g., add, delete, modify, create, . . . ) the rights associated with a role and/or group incorporated from the operating system 308 .
  • the manager component 316 can edit the users associated with a group within the RFID network 304 .
  • the manager component 316 can be utilized by the RFID administrator, wherein complete managerial aspects are dictated thereby.
  • The manager component 316 can manage various aspects in relation to the roles and/or authorizations incorporated from the operating system 308 . Furthermore, although the manager component 316 is incorporated into the security component 302 , the subject invention is not so limited. It is to be appreciated that the manager component 316 can be a stand-alone component, incorporated into the RFID network 304 , incorporated into the operating system 308 , and/or any combination thereof.
  • FIG. 4 illustrates a system 400 that facilitates providing at least one security technique to an RFID network in association with an operating system.
  • a security component 402 can incorporate security levels associated with a manipulation of a process 406 and/or a utilization of a device within an RFID network 404 .
  • the security component 402 can create an RFID administrator and an RFID user group, wherein the RFID administrator can incorporate at least one characteristic (e.g., role, group, user, . . . ) from an authorization model 410 within an operating system 408 .
  • the RFID administrator can incorporate the characteristics within the operating system to provide a substantially similar hierarchy of security.
  • the security component 402 , the RFID network 404 , and the operating system 408 can be substantially similar to respective components and/or networks described in previous figures.
  • the RFID administrator has top priority in rights, wherein no user and/or group can over-step such authority.
  • the RFID administrator can add users to groups, delete users from groups, create new groups, create new users, modify groups, modify rights associated with a group and/or user, execute processes, deploy processes, create processes, modify processes, provide permission on device utilization, etc.
  • the user and/or group can create the process 406 , modify the process 406 , delete the process 406 , add another user and/or group to the process 406 , but not deploy and/or execute the process 406 .
  • the RFID administrator can dictate permissions on various devices within the RFID network 404 , wherein if a device is not granted permission, the process 406 associated with such device may not be manipulated regardless of rights related to the process 406 .
  • the security component 402 can utilize a threat component 412 that can utilize track model analysis to determine a threat and provide adequate protection accordingly.
  • Track model analysis can be invoked to provide a trust forming initiative, wherein at least one threat can be mapped to the platform (e.g., system 400 ) in terms of security to provide a security model.
  • the kinds of infractions can be listed and the resources, entry points, trust levels, data flow diagrams, and ways of compromise can be determined. Such information can lead to a list of threats, from which vulnerabilities can be exposed to allow the security component 402 to protect against such vulnerabilities.
  • the security component 402 provides security related to the manipulation of a process and/or the utilization of a device within the RFID network 404 .
  • Numerous threats can be associated with the key assets (e.g., processes, devices, . . . ) to the RFID network 404 , wherein the threat component 412 can determine and protect against such threats.
  • the following threats can be seen as examples and not exhaustive to which the security component 402 can analyze to provide appropriate protection.
  • the process 406 can be exposed to the unauthorized creation of a process. For instance, a malicious user could potentially create a logical RFID process that 1) siphons information that is being collected; and/or 2) does not reflect the business function expected out of an RFID deployment (e.g., an incorrect shipping and/or receiving process) for other gains.
  • the process 406 can be exposed to an unauthorized deployment, modification, and/or deletion.
  • a malicious user can execute RFID logic when it is not supposed to be executed (e.g., turn warehouse devices on and scan inventory and count via the deployment of a count process) if not restricted (e.g., unless super users are present and the system is able to sand-box other users to give them permissions to do only what they are allowed).
  • Such a scenario includes malicious modification and/or deletion of business logic encompassed in a running process for other gains.
  • the device can be exposed to various threats. The following examples are not to be limiting to the subject invention.
  • the device can be exposed to a physical attack via a host.
  • An attacker can perform physical probing and/or alteration of a device. In a probing attack, the goal of the attacker is to obtain any of the items listed in device properties, data sent to tags, as well as device firmware.
  • the device configuration can also be altered, wherein an attacker can attempt to alter the device configuration in an attempt to cause the device to misreport tag events including over-reporting, under-reporting, and/or reporting tag events to unauthorized hosts.
  • the device-host exchange can be eavesdropped. An attacker may attempt to eavesdrop on communications between the device and the host including protocol data frames from device and host, and data sent to the device from the host.
  • the injection of reader and/or host data frames can be a threat to the device within the RFID network 404 .
  • An attacker can inject data frames masquerading as the device or host including protocol data frames from device and host and data sent to the device from the host.
  • An attacker can further inject data frames and/or physical layer noise to disrupt the communications availability of the device and host providing a denial of service on device-host data exchange.
  • an attacker can attempt to introduce an unauthorized device and/or host to pose a threat to the system 400 .
  • the threat component 412 can aim to solve the above-mentioned issues by the application and/or use of existing security mechanisms in the operating system 408 platform in a specific manner to protect the aforementioned RFID framework entities from the type of threats defined.
  • the security component 402 can invoke an application program interface (API) component 414 (herein referred to as “API 414 ”).
  • API 414 can be invoked, for example, at runtime to edit various roles and/or attributes/rights associated with roles. It is to be appreciated that various API's can be utilized with the subject invention and the following example is not exhaustive.
  • the API 414 can provide functionality such as, but not limited to, adding and/or removing a user and/or group from a list of users who can modify a process (e.g., such functionality can be done by the creator of the process). In addition, a list of all users and/or groups that can modify a process can be returned.
  • the API 414 can add and/or remove a user and/or group from the list of owners of the process. Moreover, the API 414 can return a list of all users and/or groups who are owners of the process, wherein the process creator is part of such list.
  • the following pseudo code can be employed in order to achieve the above functionality of the API 414 .
  • the security component 402 can further include a notification component 416 that can notify an administrator of acts, potential acts, and/or other suspicious activity in relation to a security breach.
  • the notification component 416 can utilize such data with the threat component 412 to protect against various security breaches.
  • the notification component 416 can dynamically detect and/or protect against a malicious attack on the system 400 .
  • the notification component 416 can inform (e.g., email, voicemail, text, Internet, web, . . . ) an administrator of attempted violation of assigned rights associated with a pre-defined role.
  • a user within a group authorized to manipulate a first process can be reported to an administrator if such user attempts to violate permissions related to processes other than the first process.
  • the security component 402 can further include a data store 418 that can store various data related to the system 400 .
  • the data store 418 can provide storage for various threats determined (e.g., dynamically, manually, . . . ); roles associated with the operating system 408 ; the role-based authorization model 410 , rights and/or attributes assigned to various users, groups, and/or administrators; pseudo code associated with at least one API; etc.
  • the data store 418 can be, for example, either volatile memory or nonvolatile memory, or can include both volatile and nonvolatile memory.
  • nonvolatile memory can include read only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory.
  • Volatile memory can include random access memory (RAM), which acts as external cache memory.
  • RAM is available in many forms such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM), and Rambus dynamic RAM (RDRAM).
  • FIG. 5 illustrates a system 500 that facilitates employing a role-based authorization to an RFID network.
  • a security component 502 can provide security and/or authorization to at least one of a manipulation of a process and/or a utilization of a device within such process, wherein both the process and the device are related to the RFID network 504 .
  • the security component 502 can incorporate a role-based authorization model within an operating system 516 allowing at least one user and/or group to be employed for a security hierarchy within the RFID network 504 . It is to be appreciated that the security component 502 , the operating system 516 , and the RFID network 504 can be substantially similar to respective components/networks described in previous figures.
  • the RFID network 504 can include a plurality of universes (e.g., sub-systems, RFID networks), wherein a universe is a server of RFID entities.
  • the RFID network 504 illustrates a single universe containing two collections of devices (e.g., device collections), where a first collection 506 is shown.
  • an RFID sub-system can be a location wherein the entities involved are related to a substantially similar process.
  • a sub-system can be a warehouse containing a plurality of receiving and/or shipping dock doors with associated devices.
  • first collection 506 can be a collection of devices within the specified sub-system. It is to be appreciated a plurality of collection of devices can be implemented.
  • a device 508 can receive an RFID signal 514 from a pallet of goods 512 containing at least one RFID tag 510 . It is to be appreciated the pallets and/or goods can be tagged based at least upon user specifications (e.g., single pallets tagged, individual goods tagged, pallets and goods tagged, etc.).
  • the security component 502 allows security techniques and/or mechanisms associated with the operating system 516 to be incorporated into the RFID network 504 , wherein the manipulation of a process and/or the accessibility and/or utilization of the device 508 can be secured.
  • the security component 502 can utilize the role-based authorization model associated with the operating system 516 in conjunction with the rights assigned to an RFID administrator and an RFID user group, wherein users and/or groups related to the operating system 516 can be integrated into the RFID user group.
  • FIG. 6 illustrates a system 600 that employs intelligence to facilitate employing a security technique to an RFID network.
  • the system 600 can include a security component 602 , an RFID network 604 , an operating system 606 , and the interface 106 that can all be substantially similar to respective components/networks described in previous figures.
  • the system 600 further includes an intelligent component 608 .
  • the intelligent component 608 can be utilized by the security component 602 to facilitate providing security to the RFID network 604 . It is to be appreciated that the enforcement of security can be in a distributed manner (e.g., the security can be enforced across disparate RFID runtimes).
  • the intelligent component 608 can provide for reasoning about or infer states of the system, environment, and/or user from a set of observations as captured via events and/or data. Inference can be employed to identify a specific context or action, or can generate a probability distribution over states, for example.
  • the inference can be probabilistic—that is, the computation of a probability distribution over states of interest based on a consideration of data and events.
  • Inference can also refer to techniques employed for composing higher-level events from a set of events and/or data. Such inference results in the construction of new events or actions from a set of observed events and/or stored event data, whether or not the events are correlated in close temporal proximity, and whether the events and data come from one or several event and data sources.
  • Various classification (explicitly and/or implicitly trained) schemes and/or systems (e.g., support vector machines, neural networks, expert systems, Bayesian belief networks, fuzzy logic, data fusion engines . . . ) can be employed in connection with performing automatic and/or inferred action in connection with the subject invention.
  • Such classification can employ a probabilistic and/or statistical-based analysis (e.g., factoring into the analysis utilities and costs) to prognose or infer an action that a user desires to be automatically performed.
  • a support vector machine (SVM) is an example of a classifier that can be employed. The SVM operates by finding a hypersurface in the space of possible inputs, which hypersurface attempts to split the triggering criteria from the non-triggering events.
  • Other directed and undirected model classification approaches, including, e.g., naïve Bayes, Bayesian networks, decision trees, neural networks, fuzzy logic models, and probabilistic classification models providing different patterns of independence, can be employed. Classification as used herein also is inclusive of statistical regression that is utilized to develop models of priority.
  • a presentation component 610 can provide various types of user interfaces to facilitate interaction between a user and any component coupled to the security component 602 .
  • the presentation component 610 is a separate entity that can be utilized with the security component 602 .
  • the presentation component 610 and/or similar view components can be incorporated into the security component 602 and/or a stand-alone unit.
  • the presentation component 610 can provide one or more graphical user interfaces (GUIs), command line interfaces, and the like.
  • a GUI can be rendered that provides a user with a region or means to load, import, read, etc., data, and can include a region to present the results of such.
  • These regions can comprise known text and/or graphic regions comprising dialogue boxes, static controls, drop-down-menus, list boxes, pop-up menus, edit controls, combo boxes, radio buttons, check boxes, push buttons, and graphic boxes.
  • utilities to facilitate the presentation, such as vertical and/or horizontal scroll bars for navigation and toolbar buttons to determine whether a region will be viewable, can be employed.
  • the user can interact with one or more of the components coupled to the security component 602 .
  • the user can also interact with the regions to select and provide information via various devices such as a mouse, a roller ball, a keypad, a keyboard, a pen and/or voice activation, for example.
  • a mechanism such as a push button or the enter key on the keyboard can be employed subsequent to entering the information in order to initiate the search.
  • a command line interface can be employed.
  • the command line interface can prompt (e.g., via a text message on a display and an audio tone) the user for information via providing a text message.
  • command line interface can be employed in connection with a GUI and/or API.
  • command line interface can be employed in connection with hardware (e.g., video cards) and/or displays (e.g., black and white, and EGA) with limited graphic support, and/or low bandwidth communication channels.
  • FIGS. 7-8 illustrate methodologies in accordance with the subject invention.
  • the methodologies are depicted and described as a series of acts. It is to be understood and appreciated that the subject invention is not limited by the acts illustrated and/or by the order of acts, for example acts can occur in various orders and/or concurrently, and with other acts not presented and described herein. Furthermore, not all illustrated acts may be required to implement the methodologies in accordance with the subject invention. In addition, those skilled in the art will understand and appreciate that the methodologies could alternatively be represented as a series of interrelated states via a state diagram or events.
  • FIG. 7 illustrates a methodology 700 for invoking a role-based authorization model to an RFID network utilizing an operating system.
  • an RFID administrator and an RFID user group can be created with assigned rights and/or permissions.
  • the RFID administrator can execute, deploy, create, delete, modify, etc. a process associated with an RFID network.
  • the RFID administrator can add, delete, modify rights associated with a user and process permissions.
  • the RFID administrator can add a first user to the RFID user group which has permission to create, modify, and delete a process. Once added to the RFID user group, the user can add and/or remove other users to the process.
  • the RFID administrator can give permissions in relation to accessibility and/or utilization of a device within the RFID network to a process. For instance, if the RFID administrator locks or denies access to a collection of devices, the RFID user group and/or user may not access such devices regardless of permissions related to associated processes.
  • a user and/or group associated with a role-based authorization model within an operating system can be incorporated with the RFID user group.
  • any roles, groups, and/or users related to the authorization model within the operating system can be incorporated into the RFID network to provide a substantially similar hierarchy of users related to such operating system.
  • the operating system can include a plurality of users in an organization such as warehouse manager, warehouse employee, DC manager, store employee, etc., wherein such characteristics are the basis of the authorization model.
  • Those roles can be incorporated into the RFID network, and in particular into the RFID administrator and/or RFID user group.
  • security can be provided to the RFID network based at least in part upon the roles and/or role-based authorization model of the operating system.
  • the security is provided to at least one of a manipulation (e.g., create, modify, execute, deploy, manage, add user and/or group permission, . . . ) of a process and utilization of a device associated with a process.
  • FIG. 8 illustrates a methodology 800 that facilitates providing at least one security technique to an RFID network in association with an operating system.
  • a threat condition can be received.
  • the threat condition can be any possible threat and/or vulnerability associated with an RFID network and/or related processes and/or devices.
  • the threat condition can be, but is not limited to, an unauthorized creation of a process within the RFID network, the unauthorized deployment, modification, and/or deletion of a process within the RFID network, a physical attack on a device within the RFID network, an alteration of device configuration, eavesdropping on device-host data exchange, injection of device and/or host data frames, denial of service on device-host data exchange, unauthorized device and/or host, etc.
  • the threat conditions can be manually, automatically, and/or dynamically determined, wherein such conditions can be utilized in conjunction with a track model analysis to protect the RFID network and associated assets.
  • an RFID administrator and an RFID user group can be created with assigned permissions, attributes, and/or rights. It is to be appreciated that the permissions, attributes, and/or rights can be aimed to protect against various threats known and/or dynamically identified utilizing, for example, the track model analysis. As discussed supra, the RFID administrator can have permission levels above all other users and/or groups, wherein the RFID user group and associated users are subordinate thereto. Moreover, the permissions, attributes, and/or rights can be related to the manipulation of a process within the RFID network and/or accessibility and/or utilization of a device associated with a process within the RFID network.
  • a role-based authorization model within an operating system can be integrated to the RFID network, wherein various characteristics can be incorporated into the RFID administrator and/or RFID user groups.
  • the existing security mechanisms associated with the operating system, in particular groups and/or users, can be utilized in providing security to the RFID network.
  • a notification of a breach can be instantiated to, for instance, an administrator.
  • the breach can be any malicious attack on the RFID network, internal and/or external, wherein a notification to the proper administrator can be executed.
  • the notification can be, for instance, an email, a text message, a post on a web page, a voicemail, etc.
  • the breach can be a user with permission to a particular process attempting to access processes outside the scope of such permission.
  • a notification and/or log can be utilized to inform and/or track the attempted breach of security.
  • an API can be utilized to manage the role-based authorization associated with the RFID network.
  • an API can be invoked during runtime to allow at least one of the following: 1) the addition/removal of a user and/or group from a list of users who can modify a process; 2) return of a list of all users and/or groups who can modify a process; 3) add and/or remove a user and/or group from the list of owners of the process; and 4) return the list of all users and/or groups who are owners of the process.
  • numerous API's with a plurality of functionality can be employed with the subject invention and the above examples are not to be seen as limiting.
  • FIGS. 9-10 and the following discussion are intended to provide a brief, general description of a suitable computing environment in which the various aspects of the subject invention may be implemented. While the invention has been described above in the general context of computer-executable instructions of a computer program that runs on a local computer and/or remote computer, those skilled in the art will recognize that the invention also may be implemented in combination with other program modules. Generally, program modules include routines, programs, components, data structures, etc., that perform particular tasks and/or implement particular abstract data types.
  • inventive methods may be practiced with other computer system configurations, including single-processor or multi-processor computer systems, minicomputers, mainframe computers, as well as personal computers, hand-held computing devices, microprocessor-based and/or programmable consumer electronics, and the like, each of which may operatively communicate with one or more associated devices.
  • the illustrated aspects of the invention may also be practiced in distributed computing environments where certain tasks are performed by remote processing devices that are linked through a communications network. However, some, if not all, aspects of the invention may be practiced on stand-alone computers.
  • program modules may be located in local and/or remote memory storage devices.
  • FIG. 9 is a schematic block diagram of a sample-computing environment 900 with which the subject invention can interact.
  • the system 900 includes one or more client(s) 910 .
  • the client(s) 910 can be hardware and/or software (e.g., threads, processes, computing devices).
  • the system 900 also includes one or more server(s) 920 .
  • the server(s) 920 can be hardware and/or software (e.g., threads, processes, computing devices).
  • the servers 920 can house threads to perform transformations by employing the subject invention, for example.
  • the system 900 includes a communication framework 940 that can be employed to facilitate communications between the client(s) 910 and the server(s) 920 .
  • the client(s) 910 are operably connected to one or more client data store(s) 950 that can be employed to store information local to the client(s) 910 .
  • the server(s) 920 are operably connected to one or more server data store(s) 930 that can be employed to store information local to the servers 920 .
  • an exemplary environment 1000 for implementing various aspects of the invention includes a computer 1012 .
  • the computer 1012 includes a processing unit 1014 , a system memory 1016 , and a system bus 1018 .
  • the system bus 1018 couples system components including, but not limited to, the system memory 1016 to the processing unit 1014 .
  • the processing unit 1014 can be any of various available processors. Dual microprocessors and other multiprocessor architectures also can be employed as the processing unit 1014 .
  • the system bus 1018 can be any of several types of bus structure(s) including the memory bus or memory controller, a peripheral bus or external bus, and/or a local bus using any variety of available bus architectures including, but not limited to, Industrial Standard Architecture (ISA), Micro-Channel Architecture (MSA), Extended ISA (EISA), Intelligent Drive Electronics (IDE), VESA Local Bus (VLB), Peripheral Component Interconnect (PCI), Card Bus, Universal Serial Bus (USB), Advanced Graphics Port (AGP), Personal Computer Memory Card International Association bus (PCMCIA), Firewire (IEEE 1394), and Small Computer Systems Interface (SCSI).
  • the system memory 1016 includes volatile memory 1020 and nonvolatile memory 1022 .
  • the basic input/output system (BIOS) containing the basic routines to transfer information between elements within the computer 1012 , such as during start-up, is stored in nonvolatile memory 1022 .
  • nonvolatile memory 1022 can include read only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory.
  • Volatile memory 1020 includes random access memory (RAM), which acts as external cache memory.
  • RAM is available in many forms such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM), and Rambus dynamic RAM (RDRAM).
  • Disk storage 1024 includes, but is not limited to, devices like a magnetic disk drive, floppy disk drive, tape drive, Jaz drive, Zip drive, LS-100 drive, flash memory card, or memory stick.
  • disk storage 1024 can include storage media separately or in combination with other storage media including, but not limited to, an optical disk drive such as a compact disk ROM device (CD-ROM), CD recordable drive (CD-R Drive), CD rewritable drive (CD-RW Drive) or a digital versatile disk ROM drive (DVD-ROM).
  • a removable or non-removable interface is typically used such as interface 1026 .
  • FIG. 10 describes software that acts as an intermediary between users and the basic computer resources described in the suitable operating environment 1000 .
  • Such software includes an operating system 1028 .
  • Operating system 1028 which can be stored on disk storage 1024 , acts to control and allocate resources of the computer system 1012 .
  • System applications 1030 take advantage of the management of resources by operating system 1028 through program modules 1032 and program data 1034 stored either in system memory 1016 or on disk storage 1024 . It is to be appreciated that the subject invention can be implemented with various operating systems or combinations of operating systems.
  • Input devices 1036 include, but are not limited to, a pointing device such as a mouse, trackball, stylus, touch pad, keyboard, microphone, joystick, game pad, satellite dish, scanner, TV tuner card, digital camera, digital video camera, web camera, and the like. These and other input devices connect to the processing unit 1014 through the system bus 1018 via interface port(s) 1038 .
  • Interface port(s) 1038 include, for example, a serial port, a parallel port, a game port, and a universal serial bus (USB).
  • Output device(s) 1040 use some of the same type of ports as input device(s) 1036 .
  • a USB port may be used to provide input to computer 1012 , and to output information from computer 1012 to an output device 1040 .
  • Output adapter 1042 is provided to illustrate that there are some output devices 1040 like monitors, speakers, and printers, among other output devices 1040 , which require special adapters.
  • the output adapters 1042 include, by way of illustration and not limitation, video and sound cards that provide a means of connection between the output device 1040 and the system bus 1018 . It should be noted that other devices and/or systems of devices provide both input and output capabilities such as remote computer(s) 1044 .
  • Computer 1012 can operate in a networked environment using logical connections to one or more remote computers, such as remote computer(s) 1044 .
  • the remote computer(s) 1044 can be a personal computer, a server, a router, a network PC, a workstation, a microprocessor based appliance, a peer device or other common network node and the like, and typically includes many or all of the elements described relative to computer 1012 .
  • only a memory storage device 1046 is illustrated with remote computer(s) 1044 .
  • Remote computer(s) 1044 is logically connected to computer 1012 through a network interface 1048 and then physically connected via communication connection 1050 .
  • Network interface 1048 encompasses wire and/or wireless communication networks such as local-area networks (LAN) and wide-area networks (WAN).
  • LAN technologies include Fiber Distributed Data Interface (FDDI), Copper Distributed Data Interface (CDDI), Ethernet, Token Ring and the like.
  • WAN technologies include, but are not limited to, point-to-point links, circuit switching networks like Integrated Services Digital Networks (ISDN) and variations thereon, packet switching networks, and Digital Subscriber Lines (DSL).
  • Communication connection(s) 1050 refers to the hardware/software employed to connect the network interface 1048 to the bus 1018 . While communication connection 1050 is shown for illustrative clarity inside computer 1012 , it can also be external to computer 1012 .
  • the hardware/software necessary for connection to the network interface 1048 includes, for exemplary purposes only, internal and external technologies such as, modems including regular telephone grade modems, cable modems and DSL modems, ISDN adapters, and Ethernet cards.
  • the terms (including a reference to a “means”) used to describe such components are intended to correspond, unless otherwise indicated, to any component which performs the specified function of the described component (e.g., a functional equivalent), even though not structurally equivalent to the disclosed structure, which performs the function in the herein illustrated exemplary aspects of the invention.
  • the invention includes a system as well as a computer-readable medium having computer-executable instructions for performing the acts and/or events of the various methods of the invention.
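
The role rules, the device gate, the breach notification and the four runtime list operations described in the bullets above, modeled as an added Python example (not code from the patent or from any product implementing it). The group names, class and method names, the rule that only owners or the administrator edit the access lists, the administrator bypassing the device gate, and the warehouse data are assumptions made for illustration.

```python
from dataclasses import dataclass, field

ADMIN_GROUP, USER_GROUP = "RFID_Admins", "RFID_Users"  # assumed group names
USER_GROUP_ACTIONS = {"create", "modify", "delete", "add_user"}  # never deploy/execute


class AccessDenied(Exception):
    """Raised for every refused request, after the attempt has been recorded."""


@dataclass
class RfidProcess:
    creator: str
    devices: frozenset
    owners: set = field(default_factory=set)
    modifiers: set = field(default_factory=set)


class SecurityComponent:
    def __init__(self, os_groups):
        self.os_groups = os_groups   # OS group -> members (users or other groups)
        self.device_grants = {}      # device -> principals the administrator allowed
        self.processes, self.notifications = {}, []  # denials go to notifications

    def principals(self, user):
        """The user plus every group reached through direct or nested membership."""
        found, frontier = {user}, {user}
        while frontier:
            frontier = {g for g, m in self.os_groups.items() if m & frontier} - found
            found |= frontier
        return found

    def is_admin(self, user):
        return ADMIN_GROUP in self.principals(user)

    def _deny(self, user, action, target, reason):
        self.notifications.append((user, action, target, reason))
        raise AccessDenied(f"{user}: {action} on {target} denied, {reason}")

    def authorize(self, user, action, name, devices=()):
        """Return True or raise AccessDenied; every denial is recorded."""
        if self.is_admin(user):
            return True  # assumption: the administrator also bypasses the device gate
        who = self.principals(user)
        if USER_GROUP not in who or action not in USER_GROUP_ACTIONS:
            self._deny(user, action, name, "role does not allow this action")
        proc = self.processes.get(name)
        if proc is None and action != "create":
            self._deny(user, action, name, "unknown process")
        # Device gate comes before process rights: an ungranted device blocks everything.
        for dev in sorted(proc.devices if proc else devices):
            if not who & self.device_grants.get(dev, set()):
                self._deny(user, action, name, f"no permission on device {dev}")
        if proc and not who & (proc.owners | proc.modifiers):
            self._deny(user, action, name, "not an owner or modifier")
        return True

    def grant_device(self, admin, device, principal):
        if not self.is_admin(admin):
            self._deny(admin, "grant_device", device, "administrator only")
        self.device_grants.setdefault(device, set()).add(principal)

    def create_process(self, user, name, devices):
        self.authorize(user, "create", name, devices)
        self.processes[name] = RfidProcess(user, frozenset(devices), owners={user})

    def edit_access(self, actor, name, which, principal, add=True):
        self.authorize(actor, "add_user", name)
        proc = self.processes[name]
        # Assumption: only an owner (the creator is always one) or the administrator
        # may change either list, and the creator cannot be removed from the owners.
        if not (self.is_admin(actor) or self.principals(actor) & proc.owners):
            self._deny(actor, "add_user", name, "only owners edit access lists")
        if not add and which == "owners" and principal == proc.creator:
            self._deny(actor, "remove_owner", name, "creator stays an owner")
        members = getattr(proc, which)  # which is "owners" or "modifiers"
        (members.add if add else members.discard)(principal)

    def list_access(self, name, which):
        return sorted(getattr(self.processes[name], which))


def run_scenario():
    """Constructed warehouse data; returns (outcomes, notifications, component)."""
    sec = SecurityComponent({
        ADMIN_GROUP: {"alice"}, "WarehouseManagers": {"bob"}, "WarehouseEmployees": {"carol"},
        USER_GROUP: {"WarehouseManagers", "WarehouseEmployees"},  # OS groups folded in
    })
    sec.grant_device("alice", "dock-door-1", "WarehouseManagers")
    sec.create_process("bob", "receiving", {"dock-door-1"})
    sec.edit_access("bob", "receiving", "modifiers", "carol")  # process right, no device right
    outcomes = []
    for user, action in [("bob", "modify"), ("bob", "deploy"),
                         ("carol", "modify"), ("alice", "deploy")]:
        try:
            outcomes.append((user, action, sec.authorize(user, action, "receiving")))
        except AccessDenied:
            outcomes.append((user, action, False))
    return outcomes, sec.notifications, sec
```

In the scenario, carol is refused even though she is on the modifier list, because the device check runs before the process-rights check; both refusals end up in `notifications`, the record an administrator would be alerted from.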

Abstract

The subject invention provides a system and/or a method that facilitates employing a security technique to an RFID network. An interface can receive role-based authorization data related to an operating system. A security component can enhance security to at least one of a manipulation of a process and a utilization of a device within the RFID network based at least in part upon role-based authorization data.

Description

CROSS-REFERENCE TO RELATED APPLICATION(S)
This application claims the benefit of U.S. Provisional Patent Application Ser. No. 60/606,281 filed on Sep. 1, 2004, entitled “SYSTEM AND METHODS THAT FACILITATE RFID SERVER PROGRAMMING MODEL AND API'S,” and U.S. Provisional Patent Application Ser. No. 60/606,577 filed on Sep. 2, 2004, entitled “FACILITATE RFID SERVER PROGRAMMING MODEL AND API'S.” This application is also related to co-pending U.S. patent application Ser. Nos. 11/069,459, 11/025,702, 11/061,356, and 11/061,337 filed on Mar. 1, 2005, Dec. 29, 2004, Feb. 18, 2005, and Feb. 18, 2005, respectively. The entireties of these applications are incorporated herein by reference.
BACKGROUND OF THE INVENTION
Many retail, manufacture, and distribution establishments are applying different and innovative operating methods to increase efficiency. These establishments can monitor store inventory to facilitate optimizing supply and demand relating to consumers. One aspect of maximizing profit hinges on properly stocking inventory such that replenishment occurs in conjunction with exhaustion of goods and/or products. For example, a retailer selling a computer and/or a VCR, must stock the computer in relation to its consumer sales, and the VCR in relation to its consumer sales. Thus, if the computer is in higher demand (e.g., more units sold) than the VCR, the retailer can stock the computer more frequently in order to optimize supply and demand, and in turn, profit. Monitoring inventory and associated sales can be a complex task, wherein product activity is comparable to a black box since inner workings are unknown; yet monitoring products is a crucial element in inventory/product efficiency.
Automatic identification and data capture (AIDC) technology, and specifically, Radio Frequency Identification (RFID) has been developed based at least upon the need to cure deficiencies of typical monitoring systems and/or methodologies (e.g., barcode readers, barcodes, and/or UPCs). RFID is a technique of remotely storing and retrieving data utilizing RFID tags. Since RFID systems are based upon radio frequency and associated signals, they offer numerous benefits and/or advantages over traditional techniques in monitoring products. RFID technology does not require a line of sight in order to monitor products and/or receive signals from RFID tags. Thus, no manual scan is necessary wherein the scanner is required to be in close proximity of the target (e.g., product). Yet, range is limited in RFID based upon radio frequency, RFID tag size, and associated power source. Additionally, RFID systems allow multiple reads within seconds providing quick scans and identification. In other words, an RFID system allows a plurality of tags to be read and/or identified when the tags are within a range of an RFID reader. The capability of multiple reads in an RFID system is complemented with the ability of providing informational tags that contain a unique identification code to each individual product.
Moreover, RFID systems and/or methodologies provide real-time data associated with a tagged item. Real-time data streams allow a retailer, distributor, and/or manufacturer the ability to monitor inventory and/or products with precision. Utilizing RFID can further facilitate supplying products on a front-end distribution (e.g., retailer to consumer) and a back-end distribution (e.g., distributor/manufacturer to retailer). Distributors and/or manufacturers can monitor shipments of goods, quality, amount, shipping time, etc. In addition, retailers can track the amount of inventory received, location of such inventory, quality, shelf life, etc. The described benefits demonstrate the flexibility of RFID technology to function across multiple domains such as, front-end supply, back-end supply, distribution chains, manufacturing, retail, automation, etc.
An RFID system consists of at least an RFID tag and an RFID transceiver. The RFID tag can contain an antenna that provides reception and/or transmission to radio frequency queries from the RFID transceiver. The RFID tag can be a small object, such as, for example, an adhesive sticker, a flexible label and integrated chip, etc. There are typically four different frequencies the RFID tags utilize: low frequency tags (between about 125 to 134 kilohertz), high frequency tags (about 13.56 megahertz), UHF tags (about 868 to 956 megahertz) and Microwave tags (about 2.45 gigahertz).
In general, an RFID system can include multiple components: tags, tag readers (e.g., tag transceivers), tag writers, tag-programming stations, circulation readers, sorting equipment, tag inventory wands, etc. Such devices and, in general, RFID systems are exposed to security threats based solely on the characteristics which out-perform traditional and/or conventional systems. The RFID systems and devices are vulnerable and would be inept but for security measures associated therewith. With the growth of RFID systems, and in particular RFID devices, enhancing and improving security is an increasing concern to protect the quality and integrity of such devices and systems.
SUMMARY OF THE INVENTION
The following presents a simplified summary of the invention in order to provide a basic understanding of some aspects of the invention. This summary is not an extensive overview of the invention. It is intended to neither identify key or critical elements of the invention nor delineate the scope of the invention. Its sole purpose is to present some concepts of the invention in a simplified form as a prelude to the more detailed description that is presented later.
The subject invention relates to systems and/or methods that facilitate employing security to an RFID network. A security component can incorporate a role-based authorization model associated with an operating system to an RFID network to provide various security levels, wherein the RFID network can be a collection of devices that form a sub-system based at least in part upon a process, a location, an event, and/or functionality. The security component can utilize the role-based authorization model from the operating system to prevent malicious attacks in relation to at least one of a manipulation of a process within the RFID network and the accessibility and/or utilization of a device (e.g., an RFID reader, an RFID writer, an RFID printer, a printer, a reader, a writer, an RFID transmitter, an antenna, a sensor, a real-time device, an RFID receiver, a real-time sensor, a device extensible to a web service, and a real-time event generation system) within the RFID network.
In accordance with one aspect of the subject invention, the security component can include a role component that can create an RFID administrator and an RFID user group with respective permissions. The RFID administrator can manipulate the process within the RFID network, wherein the manipulation can be an execution, a modification, a creation, a deletion (e.g., a termination), and/or a deployment (e.g., an initiation). The RFID administrator can incorporate a user and/or a group from the operating system, wherein the user/group hierarchy is implemented within the RFID network. In addition, the RFID administrator can dictate permissions to a user and/or a group in relation to a more restricted manipulation of such processes. The user and/or group that have been permitted to the restricted manipulations of the process can further dictate permission related to the restricted manipulation of such processes. Furthermore, the RFID administrator can dictate permissions related to the access and/or utilization of the device within the RFID network.
In accordance with another aspect of the subject invention, the security component can include an analyzer component that can determine the characteristics related to the authorization model within the operating system to facilitate integrating such roles into the RFID network. Moreover, the analyzer component can determine various vulnerabilities and/or threats associated with the RFID network, wherein such detected weaknesses can be eliminated via track model analysis. In accordance with another aspect, the security component can utilize a manager component that manages at least one of a role and permission associated with the RFID network.
In accordance with still another aspect, the security component can include a threat component that can utilize track model analysis, wherein a threat can be determined and adequate protection can be provided accordingly. The threat component can detect various threats by manual techniques, automatic techniques, and/or any combination thereof to dynamically perceive various threats and/or security vulnerabilities in relation to the RFID network. In particular, the threat component can detect threats associated to the manipulation of the process within the RFID network and/or the accessibility and/or utilization of a device within the RFID network.
In accordance with another aspect of the subject invention, the security component can further include an API component. The API component can modify permissions associated with at least one of an RFID administrator and an RFID user group. Furthermore, the security component can include a notification component that can notify an administrator of a breach, potential breach, and/or an attempted breach. Also, the notification component can notify the administrator of an internal breach and/or an external breach. In other aspects of the subject invention, methods are provided that facilitate employing security to an RFID network.
The following description and the annexed drawings set forth in detail certain illustrative aspects of the invention. These aspects are indicative, however, of but a few of the various ways in which the principles of the invention may be employed and the subject invention is intended to include all such aspects and their equivalents. Other advantages and novel features of the invention will become apparent from the following detailed description of the invention when considered in conjunction with the drawings.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 illustrates a block diagram of an exemplary system that facilitates employing a security technique to an RFID network.
FIG. 2 illustrates a block diagram of an exemplary system that facilitates invoking a role-based authorization model to an RFID network utilizing an operating system.
FIG. 3 illustrates a block diagram of an exemplary system that facilitates implementing a role-based security technique to an RFID network in conjunction with an operating system.
FIG. 4 illustrates a block diagram of an exemplary system that facilitates providing at least one security technique to an RFID network in association with an operating system.
FIG. 5 illustrates a block diagram of an exemplary system that facilitates employing a role-based authorization to an RFID network.
FIG. 6 illustrates a block diagram of an exemplary system that facilitates employing a security technique to an RFID network.
FIG. 7 illustrates an exemplary methodology for invoking a role-based authorization model to an RFID network utilizing an operating system.
FIG. 8 illustrates an exemplary methodology that facilitates providing at least one security technique to an RFID network in association with an operating system.
FIG. 9 illustrates an exemplary networking environment, wherein the novel aspects of the subject invention can be employed.
FIG. 10 illustrates an exemplary operating environment that can be employed in accordance with the subject invention.
DESCRIPTION OF THE INVENTION
As utilized in this application, terms “component,” “system,” “interface,” and the like are intended to refer to a computer-related entity, either hardware, software (e.g., in execution), and/or firmware. For example, a component can be a process running on a processor, a processor, an object, an executable, a program, and/or a computer. By way of illustration, both an application running on a server and the server can be a component. One or more components can reside within a process and a component can be localized on one computer and/or distributed between two or more computers.
The subject invention is described with reference to the drawings, wherein like reference numerals are used to refer to like elements throughout. In the following description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the subject invention. It may be evident, however, that the subject invention may be practiced without these specific details. In other instances, well-known structures and devices are shown in block diagram form in order to facilitate describing the subject invention.
Now turning to the figures, FIG. 1 illustrates a system 100 that facilitates employing a security technique to a radio frequency identification (RFID) network. A security component 102 can employ a security technique to an RFID network 104 based at least in part upon a characteristic associated with an operating system 108. The security component 102 can provide protection against security breaches aimed toward a process within the RFID network 104 and/or a device within the RFID network 104. The process and/or device within the RFID network 104 are key assets within a server infrastructure which can be exposed to various threats that could arise out of malicious attacks. In other words, the security component 102 can protect the process and/or device, wherein the process can be a deployable RFID process that models the logical processing pipeline for a system of devices and/or device collections and the device is part of the physical device collection with which the process can communicate. It is to be appreciated that the device can be, but is not limited to, an RFID reader, an RFID writer, an RFID printer, a printer, a reader, a writer, an RFID transmitter, an antenna, a sensor, a real time device, an RFID receiver, a real time sensor, a device extensible to a web service, a real time event generation system, etc. Moreover, although the security component 102 is depicted to be a stand-alone component, it is to be appreciated that the security component 102 can be incorporated into the RFID network 104, the operating system 108, and/or any combination thereof.
In one example, the RFID network 104 can include at least one RFID device that is associated with at least one RFID process. It is to be appreciated that the RFID process can utilize any suitable number of devices within the RFID network 104. The process can be related to a particular RFID sub-system (e.g., an RFID server, RFID network, etc.) that is an uber or high-level object that forms together various entities to create a meaningful unit of execution. The process can be an outbound process (e.g., pick, pack, shipping scenario, etc.), a manufacturing process, a shipping process, a receiving process, tracking, data representation, data manipulation, data application, security, . . . . Additionally, the process can include an RFID device service, a tag read, an event (e.g., a tag read, a tag read error, a device up event, a device down event, and a management event), a tag write, a device configuration, a geographic tracking, a number count, etc.
The security component 102 can invoke security measures to the RFID network 104 to secure and/or protect the process and/or device to deter malicious attacks. The security component 102 can protect devices associated with a process and the process that utilizes such devices. The operating system 108 can be any suitable operating system that utilizes a role-based authorization model and/or data. For example, the operating system 108 can incorporate an administrator, a group, and/or a user. Such role-based authorization allows tiered levels (e.g., hierarchy) of authorization based at least in part upon the administrator's discretion. In one example, the group can be configured based on roles that users play in an organization such as warehouse manager, warehouse employee, DC manager, store employee, etc. Such groups can be selectively assigned various security levels, wherein a particular user and/or group can be given rights to perform specific tasks.
The security component 102 can incorporate the role-based authorization model and/or data associated with the operating system 108 to provide substantially similar security and/or authorization in relation to the RFID network 104. In particular, the security component 102 can provide role-based authorization to a process and/or a device within the RFID network 104. Thus, manipulations associated with processes and/or utilization of devices within the RFID network 104 can be restricted based at least in part upon the role-based authorization model within the operating system 108.
The system 100 further includes an interface component 106, which provides various adapters, connectors, channels, communication paths, etc. to integrate the security component 102 into virtually any operating and/or database system(s). In addition, the interface component 106 can provide various adapters, connectors, channels, communication paths, etc., that provide for interaction with the security component 102, the RFID network 104, and the operating system 108. It is to be appreciated that although the interface component 106 is incorporated into the security component 102, such implementation is not so limited. For instance, the interface component 106 can be a stand-alone component to receive or transmit data in relation to the system 100.
FIG. 2 illustrates a system 200 that facilitates invoking a role-based authorization model and/or data to an RFID network utilizing an operating system. A security component 202 can invoke at least one security measure based at least in part upon an authorization model 210 within an operating system 208 to an RFID network 204. The security component 202 can provide a role-based authorization and/or protection that can be applied to a device (not shown) and/or a process 206 within the RFID network 204. It is to be appreciated that although one process 206 is depicted within the RFID network 204, the subject invention is not so limited and a plurality of processes can exist therein. The authorization model 210 can be utilized by the security component 202 to implement a substantially similar security technique to the RFID network 204, and in particular to the manipulation of the process 206 and/or the accessibility of the device (e.g., a process level and/or a device level). It is to be appreciated that the security component 202, the operating system 208, and the RFID network 204 can be substantially similar to the security component 102, the operating system 108, and the RFID network 104 as depicted in FIG. 1.
For example, the security component 202 can invoke security techniques in relation to the process 206 and/or the device(s) within the RFID network 204. The operating system 208 can contain an administrator, a warehouse manager group, and a warehouse employee group, wherein each group contains at least one user. In other words, the operating system 208 utilizes a role-based authorization model and/or data. The security component 202 can create an additional administrator (e.g., RFID administrator) and at least one group (e.g., RFID user group), wherein users and/or groups within the operating system 208 can be incorporated into the RFID network 204 providing various security layers. It is to be appreciated that the rights associated with the RFID administrator and the RFID user group can be disparate and/or pre-defined based at least in part upon the security that is to be implemented. For example, the rights of the RFID administrator are supreme in relation to any user therewith. Thus, the security component 202 can incorporate the role-based authorization model 210 within the operating system 208 to secure and/or protect the process(es) 206 and/or devices within the RFID network 204.
Furthermore, the RFID network 204 can include at least one device (e.g., an RFID reader, an RFID writer, an RFID printer, a printer, a reader, a writer, an RFID transmitter, an antenna, a sensor, a real-time device, an RFID receiver, a real-time sensor, a device extensible to a web service, a real-time event generation, etc.) that is associated with at least one RFID process 206. The RFID network 204 can include various sub-systems based at least in part upon location, function, and/or process 206. For example, an RFID network 204 can be two groups and/or collections of devices, one at a shipping door and another at a receiving door. Such RFID network 204 can further include a process 206 associated with each group and/or collection of devices based at least in part upon the group and/or collection name, location, and/or process name. For instance, the process 206 can be a shipping process that is related to the devices at the shipping door, wherein the devices can collect data at such location. Similarly, another process 206 can be a receiving process that is related to the devices at the receiving door, wherein the devices can collect data at such location. The security component 202 can secure and/or protect the manipulation of the process 206 and/or the accessibility of the device within the RFID network 204 based at least in part upon the role-based authorization model 210 associated with the operating system 208.
The process 206 is an uber and/or high-level object that can provide a meaningful unit of execution. For instance, the process 206 can be a shipping process that represents multiple devices at various dock doors working together to perform tag reads, filtering, read enrichment, alert evaluation, and data storage in a sink for a host application to retrieve/process. In another example, the process 206 can execute a manufacturing process, wherein devices are configured to read as well as write dependent upon a location. Moreover, additional functions such as filtering, enriching, etc. can be implemented at the location. In yet another example, the process 206 can write to a tag process, wherein a tag can be written in real-time based at least upon an input. The write process can also check if the write succeeded by reading and passing data back to the host. A manipulation (e.g., creation, execution, deployment, modification, deletion, an initiation; and a termination, . . . ) of the process 206 can be secured and/or protected by the security component 202.
In one example, the security component 202 can provide access to the process 206 and the device based at least in part upon a list of authorization groups associated with the process 206. The authorization group consists of a user-defined name for the authorization group, a flag specifying the read-execute/modify-delete/both access level, and a list of operating system users and/or groups. It is to be appreciated that the list can be potentially extended to structured query language (SQL) users and/or roles. Such an authorization group can be a named object that, when associated with the process 206 and device artifacts, specifies the list of RFID store users and the access level to that artifact for all of them.
FIG. 3 illustrates a system 300 that facilitates implementing a role-based security technique to an RFID network in conjunction with an operating system. A security component 302 protects and/or secures the manipulation of a process 306 and/or the accessibility of a device (not shown) within an RFID network 304 based at least in part upon an authorization model 310 associated with an operating system 308. The security component 302 can provide a first security layer related to the process 306 and a second security layer related to at least one device. It is to be appreciated that the security component 302, the operating system 308, and the RFID network 304 can be substantially similar to the security component 202, 102, the operating system 208, 108, and the RFID network 204, 104 of FIGS. 2 and 1 respectively.
The security component 302 can include a role component 312 that can initiate and/or apply a general role and/or a role permission/right/attribute to provide security within the RFID network 304. The role component 312 can provide at least one guideline and/or rights to be enforced in association with the role-based authorization model 310 associated with the operating system 308. The guidelines and/or rights relating to the manipulation of the process 306 and/or utilization of a device with the process 306 can be based at least in part upon a track model analysis that facilitates the limitation of at least one threat to the system 300. In other words, the role-based authorization model 310 can be incorporated into the RFID network 304, wherein specific rights and/or attributes can be assigned accordingly.
For instance, the role component 312 can utilize two general roles such as an RFID administrator and at least one RFID user group containing at least one user, wherein the RFID administrator and the RFID user group have respective attributes, guidelines, and/or rights. The roles (e.g., warehouse manager, warehouse employee, dc manager, store employee, etc.) associated with the operating system 308 can be assigned (e.g., by the RFID administrator) to the RFID user group to reflect a substantially similar hierarchy. In relation to processes, the RFID administrator can manipulate (e.g., create, execute, deploy, modify, delete, . . . ) any process 306 within the RFID network 304. Furthermore, the RFID administrator can add any user to have limited rights to a specific process or processes. Once added to a particular process by the RFID administrator, the user can create, modify, and execute the process 306 and add another user to the particular process. Yet, the RFID administrator can further dictate permissions related to device accessibility and/or utilization of devices with the process 306. In other words, the user (regardless of rights to the process 306) may not access a device if the RFID administrator restricts such device. The role component 312 can incorporate rights according to the above examples, wherein the RFID administrator can dictate permissions of the incorporated users and/or groups from the operating system 308. In addition, the RFID administrator can remove and/or retract a user's permission list.
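The following is an added sketch, not code from the patent or its assignee, of the two-layer check described above: an authorization group (user-defined name, read-execute/modify-delete/both flag, list of operating system users and/or groups) decides process-level access, and a device permission dictated by the RFID administrator can still block the operation regardless of process rights. All class and function names, the mapping of actions to access levels, the default-deny device list, and the sample users and groups are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Flag, auto


class Access(Flag):
    """Access-level flag carried by an authorization group."""
    READ_EXECUTE = auto()
    MODIFY_DELETE = auto()
    BOTH = READ_EXECUTE | MODIFY_DELETE


# Assumed mapping from a manipulation to the access level it requires.
REQUIRED = {
    "read": Access.READ_EXECUTE,
    "execute": Access.READ_EXECUTE,
    "modify": Access.MODIFY_DELETE,
    "delete": Access.MODIFY_DELETE,
}


@dataclass(frozen=True)
class AuthorizationGroup:
    name: str              # user-defined name
    access: Access         # read-execute / modify-delete / both
    principals: frozenset  # operating system users and/or groups


@dataclass
class RfidProcess:
    name: str
    devices: tuple
    auth_groups: list = field(default_factory=list)


class SecurityComponent:
    def __init__(self, os_groups, rfid_admins):
        self.os_groups = {g: set(m) for g, m in os_groups.items()}
        self.rfid_admins = set(rfid_admins)
        self.device_acl = {}  # device -> principals granted by the administrator

    def principals_of(self, user):
        """The user plus every operating system group the user belongs to."""
        return {user} | {g for g, m in self.os_groups.items() if user in m}

    def is_admin(self, user):
        return bool(self.principals_of(user) & self.rfid_admins)

    def grant_device(self, actor, device, principal):
        """Only the RFID administrator dictates device permissions."""
        if not self.is_admin(actor):
            raise PermissionError(f"{actor} is not an RFID administrator")
        self.device_acl.setdefault(device, set()).add(principal)

    def check(self, user, process, action):
        """Return (allowed, reason). Unknown actions are denied."""
        needed = REQUIRED.get(action)
        if needed is None:
            return False, f"unknown action {action!r}"
        if self.is_admin(user):
            return True, "RFID administrator"
        who = self.principals_of(user)
        # Process level: some authorization group must grant the access level.
        granting = [g.name for g in process.auth_groups
                    if needed in g.access and who & g.principals]
        if not granting:
            return False, f"no authorization group grants {action} on {process.name}"
        # Device level: every device the process uses must be permitted,
        # regardless of the rights held on the process itself.
        for device in process.devices:
            if not who & self.device_acl.get(device, set()):
                return False, f"device {device} is restricted for {user}"
        return True, f"granted by {granting[0]}"


def build_demo():
    """Constructed sample data: two OS groups, one shipping process, two readers."""
    sec = SecurityComponent(
        os_groups={"WarehouseManagers": {"alice"},
                   "WarehouseEmployees": {"bob", "carol"}},
        rfid_admins={"rfidadmin"},
    )
    shipping = RfidProcess(
        name="Shipping",
        devices=("dock1-reader", "dock2-reader"),
        auth_groups=[
            AuthorizationGroup("ShippingOperators", Access.READ_EXECUTE,
                               frozenset({"WarehouseEmployees"})),
            AuthorizationGroup("ShippingOwners", Access.BOTH,
                               frozenset({"WarehouseManagers"})),
        ],
    )
    for principal in ("WarehouseManagers", "WarehouseEmployees"):
        sec.grant_device("rfidadmin", "dock1-reader", principal)
    sec.grant_device("rfidadmin", "dock2-reader", "WarehouseManagers")
    return sec, shipping


if __name__ == "__main__":
    sec, shipping = build_demo()
    for user, action in [("alice", "modify"), ("bob", "execute"),
                         ("bob", "modify"), ("mallory", "execute"),
                         ("rfidadmin", "delete")]:
        print(user, action, sec.check(user, shipping, action))
```

The reason string returned with each decision is what an audit log or a breach notification would record for a denied attempt.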
The security component 302 can include an analyzer component 314 that can analyze various data associated with the system 300 to facilitate employing security techniques to provide protection to at least one of the manipulation of the process 306 and/or utilization of a device within the RFID network 304. In one example, the analyzer component 314 can analyze the operating system 308 and determine the role-based authorization model 310 associated therewith to incorporate such roles into the RFID network 304. The analyzer component 314 can determine the various roles associated with the operating system 308 which allows the role component 312 to incorporate such roles with respective rights. In another example, the analyzer component 314 can analyze possible threats and/or breaches to the security relating to at least one of the manipulation of the process 306 and/or utilization/accessibility of a device. In other words, the analyzer component 314 can determine a possible breach within security and incorporate the appropriate roles and/or rights to eliminate such breach possibility.
The security component 302 can further include a manager component 316 that manages the roles, attributes, and/or rights associated with the security component 302. The manager component 316 can provide the addition of groups, creation of groups, deletion of groups, right assignment, etc. in relation to the security component 302. For example, the manager component 316 can edit (e.g., add, delete, modify, create, . . . ) the rights associated with a role and/or group incorporated from the operating system 308. Moreover, the manager component 316 can edit the users associated with a group within the RFID network 304. In one example, the manager component 316 can be utilized by the RFID administrator, wherein complete managerial aspects are dictated thereby. It is to be appreciated that the manager component 316 can manage various aspects in relation to the roles and/or authorizations incorporated from the operating system 308. Furthermore, although the manager component 316 is incorporated into the security component 302, the subject invention is not so limited. It is to be appreciated that the manager component 316 can be a stand-alone component, incorporated into the RFID network 304, incorporated into the operating system 308, and/or any combination thereof.
FIG. 4 illustrates a system 400 that facilitates providing at least one security technique to an RFID network in association with an operating system. A security component 402 can incorporate security levels associated with a manipulation of a process 406 and/or a utilization of a device within an RFID network 404. The security component 402 can create an RFID administrator and an RFID user group, wherein the RFID administrator can incorporate at least one characteristic (e.g., role, group, user, . . . ) from an authorization model 410 within an operating system 408. In other words, the RFID administrator can incorporate the characteristics within the operating system to provide a substantially similar hierarchy of security. It is to be appreciated that the security component 402, the RFID network 404, and the operating system 408 can be substantially similar to respective components and/or networks described in previous figures.
In one example, the RFID administrator has top priority in rights, wherein no user and/or group can over-step such authority. The RFID administrator can add users to groups, delete users from groups, create new groups, create new users, modify groups, modify rights associated with a group and/or user, execute processes, deploy processes, create processes, modify processes, provide permission on device utilization, etc. Once added by the RFID administrator to the process 406, the user and/or group can create the process 406, modify the process 406, delete the process 406, add another user and/or group to the process 406, but not deploy and/or execute the process 406. It is to be appreciated that the RFID administrator can dictate permissions on various devices within the RFID network 404, wherein if a device is not granted permission, the process 406 associated with such device may not be manipulated regardless of rights related to the process 406.
The security component 402 can utilize a threat component 412 that can utilize track model analysis to determine a threat and provide adequate protection accordingly. Track model analysis can be invoked to provide a trust forming initiative, wherein at least one threat can be mapped to the platform (e.g., system 400) in terms of security to provide a security model. The kinds of infractions can be listed and the resources, entry points, trust levels, data flow diagrams, and ways of compromise can be determined. Such information can lead to a list of threats, from which vulnerabilities can be exposed to allow the security component 402 to protect against such vulnerabilities.
The security component 402 provides security related to the manipulation of a process and/or the utilization of a device within the RFID network 404. Numerous threats can be associated with the key assets (e.g., processes, devices, . . . ) of the RFID network 404, wherein the threat component 412 can determine and protect against such threats. The following threats are examples, not an exhaustive list, that the security component 402 can analyze to provide appropriate protection. The process 406 can be exposed to the unauthorized creation of a process. For instance, a malicious user could potentially create a logical RFID process that 1) siphons information that is being collected; and/or 2) does not reflect the business function expected out of an RFID deployment (e.g., an incorrect shipping and/or receiving process) for other gains. The process 406 can be exposed to an unauthorized deployment, modification, and/or deletion. A malicious user can execute RFID logic when it is not supposed to be executed (e.g., turn warehouse devices on and scan inventory and count via the deployment of a count process) if not restricted (e.g., unless super users are present and the system is able to sand-box other users to give them permissions to do only what they are allowed). Such a scenario includes malicious modification and/or deletion of business logic encompassed in a running process for other gains.
Additionally, the device can be exposed to various threats. The following examples are not to be limiting to the subject invention. The device can be exposed to a physical attack via a host. An attacker can perform physical probing and/or alteration of a device. In a probing attack, the goal of the attacker is to obtain any of the items listed in device properties, data sent to tags, as well as device firmware. The device configuration can also be altered, wherein an attacker can attempt to alter the device configuration in an attempt to cause the device to misreport tag events including over-reporting, under-reporting, and/or reporting tag events to unauthorized hosts. The device-host exchange can be eavesdropped. An attacker may attempt to eavesdrop on communications between the device and the host including protocol data frames from device and host, and data sent to the device from the host.
Moreover, the injection of reader and/or host data frames can be a threat to the device within the RFID network 404. An attacker can inject data frames masquerading as the device or host including protocol data frames from device and host and data sent to the device from the host. An attacker can further inject data frames and/or physical layer noise to disrupt the communications availability of the device and host, providing a denial of service on device-host data exchange. Further, an attacker can attempt to introduce an unauthorized device and/or host to pose a threat to the system 400. The threat component 412 can aim to solve the above-mentioned issues by the application and/or use of existing security mechanisms in the operating system 408 platform in a specific manner to protect the aforementioned RFID framework entities from the type of threats defined.
The security component 402 can invoke an application program interface (API) component 414 (herein referred to as “API 414”). The API 414 can be invoked, for example, at runtime to edit various roles and/or attributes/rights associated with roles. It is to be appreciated that various API's can be utilized with the subject invention and the following example is not exhaustive. The API 414 can provide functionality such as, but not limited to, adding and/or removing a user and/or group from a list of users who can modify a process (e.g., such functionality can be done by the creator of the process). In addition, a list of all users and/or groups that can modify a process can be returned. In another example, the API 414 can add and/or remove a user and/or group from the list of owners of the process. Moreover, the API 414 can return a list of all users and/or groups who are owners of the process, wherein the process creator is part of such list. The following pseudo code can be employed in order to achieve the above functionality of the API 414.
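public class SecurityManager: System.Web.Services.Service
{
    // Add or remove a user or group from the list of users who can modify the process.
    [SoapMethod]
    void AddOrRemoveProcessModifiers(string processName, string userOrGroup, bool addOrRemove /* true means add */);

    // Return all users and groups that can modify the process.
    [SoapMethod]
    string[] GetProcessModifiers(string processName);

    // Add or remove a user or group from the list of owners of the process.
    [SoapMethod]
    void AddOrRemoveProcessCoOwner(string processName, string userOrGroup, bool addOrRemove /* true means add */);

    // Return all users and groups that own the process; the process creator is part of this list.
    [SoapMethod]
    string[] GetProcessOwners(string processName);
}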
The security component 402 can further include a notification component 416 that can notify an administrator of acts, potential acts, and/or other suspicious activity in relation to a security breach. The notification component 416 can utilize such data with the threat component 412 to protect against various security breaches. In other words, the notification component 416 can dynamically detect and/or protect against a malicious attack on the system 400. Moreover, the notification component 416 can inform (e.g., email, voicemail, text, Internet, web, . . . ) an administrator of attempted violation of assigned rights associated with a pre-defined role. Thus, a user within a group authorized to manipulate a first process can be reported to an administrator if such user attempts to violate permissions related to processes other than the first process.
The security component 402 can further include a data store 418 that can store various data related to the system 400. The data store 418 can provide storage for various threats determined (e.g., dynamically, manually, . . . ); roles associated with the operating system 408; the role-based authorization model 410, rights and/or attributes assigned to various users, groups, and/or administrators; pseudo code associated with at least one API; etc. The data store 418 can be, for example, either volatile memory or nonvolatile memory, or can include both volatile and nonvolatile memory. By way of illustration, and not limitation, nonvolatile memory can include read only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory can include random access memory (RAM), which acts as external cache memory. By way of illustration and not limitation, RAM is available in many forms such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM), and Rambus dynamic RAM (RDRAM). The data store 418 of the subject systems and methods is intended to comprise, without being limited to, these and any other suitable types of memory. In addition, it is to be appreciated that the data store 418 can be a server, a database, and/or a hard drive.
FIG. 5 illustrates a system 500 that facilitates employing a role-based authorization to an RFID network. A security component 502 can provide security and/or authorization to at least one of a manipulation of a process and/or a utilization of a device within such process, wherein both the process and the device are related to the RFID network 504. The security component 502 can incorporate a role-based authorization model within an operating system 516 allowing at least one user and/or group to be employed for a security hierarchy within the RFID network 504. It is to be appreciated that the security component 502, the operating system 516, and the RFID network 504 can be substantially similar to respective components/networks described in previous figures.
The RFID network 504 can include a plurality of universes (e.g., sub-systems, RFID networks), wherein a universe is a server of RFID entities. For simplicity, the RFID network 504 illustrates a single universe containing two collections of devices (e.g., device collections), where a first collection 506 is shown. For instance, an RFID sub-system can be a location wherein the entities involved are related to a substantially similar process. In one example, a sub-system can be a warehouse containing a plurality of receiving and/or shipping dock doors with associated devices. Thus, first collection 506 can be a collection of devices within the specified sub-system. It is to be appreciated a plurality of collection of devices can be implemented. Within a collection of devices, a device 508 can receive an RFID signal 514 from a pallet of goods 512 containing at least one RFID tag 510. It is to be appreciated the pallets and/or goods can be tagged based at least upon user specifications (e.g., single pallets tagged, individual goods tagged, pallets and goods tagged, etc.).
The security component 502 allows security techniques and/or mechanisms associated with the operating system 516 to be incorporated into the RFID network 504, wherein the manipulation of a process and/or the accessibility and/or utilization of the device 508 can be secured. The security component 502 can utilize the role-based authorization model associated with the operating system 516 in conjunction with the rights assigned to an RFID administrator and an RFID user group, wherein users and/or groups related to the operating system 516 can be integrated into the RFID user group.
FIG. 6 illustrates a system 600 that employs intelligence to facilitate employing a security technique to an RFID network. The system 600 can include a security component 602, an RFID network 604, an operating system 606, and the interface 106 that can all be substantially similar to respective components/networks described in previous figures. The system 600 further includes an intelligent component 608. The intelligent component 608 can be utilized by the security component 602 to facilitate providing security to the RFID network 604. It is to be appreciated that the enforcement of security can be in a distributed manner (e.g., the security can be enforced across disparate RFID runtimes).
It is to be understood that the intelligent component 608 can provide for reasoning about or infer states of the system, environment, and/or user from a set of observations as captured via events and/or data. Inference can be employed to identify a specific context or action, or can generate a probability distribution over states, for example. The inference can be probabilistic—that is, the computation of a probability distribution over states of interest based on a consideration of data and events. Inference can also refer to techniques employed for composing higher-level events from a set of events and/or data. Such inference results in the construction of new events or actions from a set of observed events and/or stored event data, whether or not the events are correlated in close temporal proximity, and whether the events and data come from one or several event and data sources. Various classification (explicitly and/or implicitly trained) schemes and/or systems (e.g., support vector machines, neural networks, expert systems, Bayesian belief networks, fuzzy logic, data fusion engines . . . ) can be employed in connection with performing automatic and/or inferred action in connection with the subject invention.
A classifier is a function that maps an input attribute vector, x=(x1, x2, x3, x4, xn), to a confidence that the input belongs to a class, that is, f(x)=confidence(class). Such classification can employ a probabilistic and/or statistical-based analysis (e.g., factoring into the analysis utilities and costs) to prognose or infer an action that a user desires to be automatically performed. A support vector machine (SVM) is an example of a classifier that can be employed. The SVM operates by finding a hypersurface in the space of possible inputs, which hypersurface attempts to split the triggering criteria from the non-triggering events. Intuitively, this makes the classification correct for testing data that is near, but not identical to training data. Other directed and undirected model classification approaches include, e.g., naïve Bayes, Bayesian networks, decision trees, neural networks, fuzzy logic models, and probabilistic classification models providing different patterns of independence can be employed. Classification as used herein also is inclusive of statistical regression that is utilized to develop models of priority.
A presentation component 610 can provide various types of user interfaces to facilitate interaction between a user and any component coupled to the security component 602. As depicted, the presentation component 610 is a separate entity that can be utilized with the security component 602. However, it is to be appreciated that the presentation component 610 and/or similar view components can be incorporated into the security component 602 and/or a stand-alone unit. The presentation component 610 can provide one or more graphical user interfaces (GUIs), command line interfaces, and the like. For example, a GUI can be rendered that provides a user with a region or means to load, import, read, etc., data, and can include a region to present the results of such. These regions can comprise known text and/or graphic regions comprising dialogue boxes, static controls, drop-down-menus, list boxes, pop-up menus, edit controls, combo boxes, radio buttons, check boxes, push buttons, and graphic boxes. In addition, utilities to facilitate the presentation, such as vertical and/or horizontal scroll bars for navigation and toolbar buttons to determine whether a region will be viewable, can be employed. For example, the user can interact with one or more of the components coupled to the security component 602.
The user can also interact with the regions to select and provide information via various devices such as a mouse, a roller ball, a keypad, a keyboard, a pen and/or voice activation, for example. Typically, a mechanism such as a push button or the enter key on the keyboard can be employed subsequent to entering the information in order to initiate the search. However, it is to be appreciated that the invention is not so limited. For example, merely highlighting a check box can initiate information conveyance. In another example, a command line interface can be employed. For example, the command line interface can prompt (e.g., via a text message on a display and an audio tone) the user for information via providing a text message. The user can then provide suitable information, such as alpha-numeric input corresponding to an option provided in the interface prompt or an answer to a question posed in the prompt. It is to be appreciated that the command line interface can be employed in connection with a GUI and/or API. In addition, the command line interface can be employed in connection with hardware (e.g., video cards) and/or displays (e.g., black and white, and EGA) with limited graphic support, and/or low bandwidth communication channels.
FIGS. 7-8 illustrate methodologies in accordance with the subject invention. For simplicity of explanation, the methodologies are depicted and described as a series of acts. It is to be understood and appreciated that the subject invention is not limited by the acts illustrated and/or by the order of acts, for example acts can occur in various orders and/or concurrently, and with other acts not presented and described herein. Furthermore, not all illustrated acts may be required to implement the methodologies in accordance with the subject invention. In addition, those skilled in the art will understand and appreciate that the methodologies could alternatively be represented as a series of interrelated states via a state diagram or events.
FIG. 7 illustrates a methodology 700 for invoking a role-based authorization model to an RFID network utilizing an operating system. At reference numeral 702, an RFID administrator and an RFID user group can be created with assigned rights and/or permissions. The RFID administrator can execute, deploy, create, delete, modify, etc. a process associated with an RFID network. Additionally, the RFID administrator can add, delete, modify rights associated with a user and process permissions. For example, the RFID administrator can add a first user to the RFID user group which has permission to create, modify, and delete a process. Once added to the RFID user group, the user can add and/or remove other users to the process. Furthermore, the RFID administrator can give permissions in relation to accessibility and/or utilization of a device within the RFID network to a process. For instance, if the RFID administrator locks or denies access to a collection of devices, the RFID user group and/or user may not access such devices regardless of permissions related to associated processes.
At reference numeral 704, a user and/or group associated with a role-based authorization model within an operating system can be incorporated with the RFID user group. Thus, any roles, groups, and/or users related to the authorization model within the operating system can be incorporated into the RFID network to provide a substantially similar hierarchy of users related to such operating system. For example, the operating system can include a plurality of users in an organization such as warehouse manager, warehouse employee, DC manager, store employee, etc., wherein such characteristics are the basis of the authorization model. Those roles can be incorporated into the RFID network, and in particular into the RFID administrator and/or RFID user group. At reference numeral 706, security can be provided to the RFID network based at least in part upon the roles and/or role-based authorization model of the operating system. Thus, the use of existing security mechanisms within the operating system platform can be utilized in a specific manner to protect the RFID network from identified threats. The security is provided to at least one of a manipulation (e.g., create, modify, execute, deploy, manage, add user and/or group permission, . . . ) of a process and utilization of a device associated with a process.
FIG. 8 illustrates a methodology 800 that facilitates providing at least one security technique to an RFID network in association with an operating system. At reference numeral 802, a threat condition can be received. The threat condition can be any possible threat and/or vulnerability associated with an RFID network and/or related processes and/or devices. The threat condition can be, but is not limited to, an unauthorized creation of a process within the RFID network, the unauthorized deployment, modification, and/or deletion of a process within the RFID network, a physical attack on a device within the RFID network, an alteration of device configuration, eavesdropping on device-host data exchange, injection of device and/or host data frames, denial of service on device-host data exchange, unauthorized device and/or host, etc. The threat conditions can be manually, automatically, and/or dynamically determined, wherein such conditions can be utilized in conjunction with a track model analysis to protect the RFID network and associated assets.
At reference numeral 804, an RFID administrator and an RFID user group can be created with assigned permissions, attributes, and/or rights. It is to be appreciated that the permissions, attributes, and/or rights can be aimed to protect against various threats known and/or dynamically identified utilizing, for example, the track model analysis. As discussed supra, the RFID administrator can have permission levels above all other users and/or groups, wherein the RFID user group and associated users are subordinate thereto. Moreover, the permissions, attributes, and/or rights can be related to the manipulation of a process within the RFID network and/or accessibility and/or utilization of a device associated with a process within the RFID network. At reference numeral 806, a role-based authorization model within an operating system can be integrated to the RFID network, wherein various characteristics can be incorporated into the RFID administrator and/or RFID user groups. In other words, the existing security mechanisms associated with the operating system, in particular groups and/or users, can be utilized in providing security to the RFID network.
At reference numeral 808, a notification of a breach can be instantiated to, for instance, an administrator. The breach can be any malicious attack on the RFID network, internal and/or external, wherein a notification to the proper administrator can be executed. The notification can be, for instance, an email, a text message, a post on a web page, a voicemail, etc. In one instance, the breach can be a user with permission to a particular process attempting to access processes outside the scope of such permission. In such a case, a notification and/or log can be utilized to inform and/or track the attempted breach of security. At reference numeral 810, an API can be utilized to manage the role-based authorization associated with the RFID network. For example, an API can be invoked during runtime to allow at least one of the following: 1) the addition/removal of a user and/or group from a list of users who can modify a process; 2) return of a list of all users and/or groups who can modify a process; 3) add and/or remove a user and/or group from the list of owners of the process; and 4) return the list of all users and/or groups who are owners of the process. It is to be appreciated that numerous API's with a plurality of functionality can be employed with the subject invention and the above examples are not to be seen as limiting.
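The role-management API, the device-collection lock and the breach notification described above can be modelled in memory as follows. This is an added example, not code from the patent: only the four SecurityManager method names come from the page, while the explicit caller argument, the lock method, the administrator's exemption from the lock, the rule that the creator cannot be removed as owner, and every other name are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
// Added illustration, not code from the patent. Only the four SecurityManager method
// names come from the page; the caller argument, the collection lock and all other
// names are assumptions. Principals are plain strings; groups are not expanded.
public sealed class RfidSecurityModel
{
    private sealed class Acl
    {
        public string Creator = "";
        public readonly HashSet<string> Owners = new HashSet<string>();
        public readonly HashSet<string> Modifiers = new HashSet<string>();
    }
    private readonly Dictionary<string, Acl> _acls = new Dictionary<string, Acl>();
    private readonly HashSet<string> _locked = new HashSet<string>();
    private readonly HashSet<string> _admins, _rfidUsers;
    private readonly Action<string> _notifyAdmin;

    public RfidSecurityModel(IEnumerable<string> admins, IEnumerable<string> rfidUsers, Action<string> notifyAdmin)
    {
        _admins = new HashSet<string>(admins);
        _rfidUsers = new HashSet<string>(rfidUsers);
        _notifyAdmin = notifyAdmin;
    }

    // Report the attempted violation to the administrator, then refuse the call.
    private void Deny(string caller, string action, string target)
    {
        _notifyAdmin($"DENIED {caller}: {action} '{target}'");
        throw new UnauthorizedAccessException($"{caller} may not {action} '{target}'");
    }

    private bool IsAdmin(string caller) => _admins.Contains(caller);
    private bool IsOwner(string caller, Acl acl) => IsAdmin(caller) || acl.Owners.Contains(caller);

    public void CreateProcess(string caller, string processName)
    {
        if (!IsAdmin(caller) && !_rfidUsers.Contains(caller)) Deny(caller, "create process", processName);
        var acl = new Acl { Creator = caller };
        acl.Owners.Add(caller); // the creator is part of the owner list
        _acls.Add(processName, acl);
    }

    public void AddOrRemoveProcessModifiers(string caller, string processName, string userOrGroup, bool addOrRemove)
    {
        Acl acl = _acls[processName];
        if (!IsOwner(caller, acl)) Deny(caller, "edit modifiers of", processName);
        if (addOrRemove) acl.Modifiers.Add(userOrGroup); else acl.Modifiers.Remove(userOrGroup);
    }

    public void AddOrRemoveProcessCoOwner(string caller, string processName, string userOrGroup, bool addOrRemove)
    {
        Acl acl = _acls[processName];
        if (!IsOwner(caller, acl)) Deny(caller, "edit owners of", processName);
        if (addOrRemove) acl.Owners.Add(userOrGroup);
        else if (userOrGroup != acl.Creator) acl.Owners.Remove(userOrGroup); // assumption: creator stays
    }

    public string[] GetProcessModifiers(string processName) => _acls[processName].Modifiers.OrderBy(p => p).ToArray();
    public string[] GetProcessOwners(string processName) => _acls[processName].Owners.OrderBy(p => p).ToArray();

    public void SetCollectionLock(string caller, string collection, bool locked)
    {
        if (!IsAdmin(caller)) Deny(caller, "lock or unlock", collection);
        if (locked) _locked.Add(collection); else _locked.Remove(collection);
    }

    // Layer 1: may the caller manipulate this process?
    public void AuthorizeModify(string caller, string processName)
    {
        Acl acl = _acls[processName];
        if (!IsOwner(caller, acl) && !acl.Modifiers.Contains(caller)) Deny(caller, "modify", processName);
    }

    // Layer 2: device use. A locked collection overrides process permissions (assumption: admins exempt).
    public void AuthorizeDeviceUse(string caller, string processName, string collection)
    {
        AuthorizeModify(caller, processName);
        if (_locked.Contains(collection) && !IsAdmin(caller)) Deny(caller, "use devices in", collection);
    }
}
public static class Demo
{
    public static void Main()
    {
        var alerts = new List<string>();   // stands in for e-mail or text notification
        var sec = new RfidSecurityModel(new[] { "rfid-admin" }, new[] { "alice", "carol" }, alerts.Add);
        sec.CreateProcess("alice", "ReceivingDock1");   // constructed sample names
        sec.CreateProcess("carol", "ShippingDock2");
        sec.AddOrRemoveProcessModifiers("alice", "ReceivingDock1", "bob", true);
        sec.AuthorizeModify("bob", "ReceivingDock1");   // allowed: bob is a modifier
        sec.SetCollectionLock("rfid-admin", "DockDoorReaders", true);
        // bob reaches outside his process; alice touches a locked device collection.
        try { sec.AuthorizeModify("bob", "ShippingDock2"); } catch (UnauthorizedAccessException) { }
        try { sec.AuthorizeDeviceUse("alice", "ReceivingDock1", "DockDoorReaders"); } catch (UnauthorizedAccessException) { }
        alerts.ForEach(Console.WriteLine);   // every denied attempt was reported
    }
}
```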
In order to provide additional context for implementing various aspects of the subject invention, FIGS. 9-10 and the following discussion are intended to provide a brief, general description of a suitable computing environment in which the various aspects of the subject invention may be implemented. While the invention has been described above in the general context of computer-executable instructions of a computer program that runs on a local computer and/or remote computer, those skilled in the art will recognize that the invention also may be implemented in combination with other program modules. Generally, program modules include routines, programs, components, data structures, etc., that perform particular tasks and/or implement particular abstract data types.
Moreover, those skilled in the art will appreciate that the inventive methods may be practiced with other computer system configurations, including single-processor or multi-processor computer systems, minicomputers, mainframe computers, as well as personal computers, hand-held computing devices, microprocessor-based and/or programmable consumer electronics, and the like, each of which may operatively communicate with one or more associated devices. The illustrated aspects of the invention may also be practiced in distributed computing environments where certain tasks are performed by remote processing devices that are linked through a communications network. However, some, if not all, aspects of the invention may be practiced on stand-alone computers. In a distributed computing environment, program modules may be located in local and/or remote memory storage devices.
FIG. 9 is a schematic block diagram of a sample-computing environment 900 with which the subject invention can interact. The system 900 includes one or more client(s) 910. The client(s) 910 can be hardware and/or software (e.g., threads, processes, computing devices). The system 900 also includes one or more server(s) 920. The server(s) 920 can be hardware and/or software (e.g., threads, processes, computing devices). The servers 920 can house threads to perform transformations by employing the subject invention, for example.
One possible communication between a client 910 and a server 920 can be in the form of a data packet adapted to be transmitted between two or more computer processes. The system 900 includes a communication framework 940 that can be employed to facilitate communications between the client(s) 910 and the server(s) 920. The client(s) 910 are operably connected to one or more client data store(s) 950 that can be employed to store information local to the client(s) 910. Similarly, the server(s) 920 are operably connected to one or more server data store(s) 930 that can be employed to store information local to the servers 920.
With reference to FIG. 10, an exemplary environment 1000 for implementing various aspects of the invention includes a computer 1012. The computer 1012 includes a processing unit 1014, a system memory 1016, and a system bus 1018. The system bus 1018 couples system components including, but not limited to, the system memory 1016 to the processing unit 1014. The processing unit 1014 can be any of various available processors. Dual microprocessors and other multiprocessor architectures also can be employed as the processing unit 1014.
The system bus 1018 can be any of several types of bus structure(s) including the memory bus or memory controller, a peripheral bus or external bus, and/or a local bus using any variety of available bus architectures including, but not limited to, Industrial Standard Architecture (ISA), Micro-Channel Architecture (MSA), Extended ISA (EISA), Intelligent Drive Electronics (IDE), VESA Local Bus (VLB), Peripheral Component Interconnect (PCI), Card Bus, Universal Serial Bus (USB), Advanced Graphics Port (AGP), Personal Computer Memory Card International Association bus (PCMCIA), Firewire (IEEE 1394), and Small Computer Systems Interface (SCSI).
The system memory 1016 includes volatile memory 1020 and nonvolatile memory 1022. The basic input/output system (BIOS), containing the basic routines to transfer information between elements within the computer 1012, such as during start-up, is stored in nonvolatile memory 1022. By way of illustration, and not limitation, nonvolatile memory 1022 can include read only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory 1020 includes random access memory (RAM), which acts as external cache memory. By way of illustration and not limitation, RAM is available in many forms such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM), and Rambus dynamic RAM (RDRAM).
Computer 1012 also includes removable/non-removable, volatile/non-volatile computer storage media. FIG. 10 illustrates, for example a disk storage 1024. Disk storage 1024 includes, but is not limited to, devices like a magnetic disk drive, floppy disk drive, tape drive, Jaz drive, Zip drive, LS-100 drive, flash memory card, or memory stick. In addition, disk storage 1024 can include storage media separately or in combination with other storage media including, but not limited to, an optical disk drive such as a compact disk ROM device (CD-ROM), CD recordable drive (CD-R Drive), CD rewritable drive (CD-RW Drive) or a digital versatile disk ROM drive (DVD-ROM). To facilitate connection of the disk storage devices 1024 to the system bus 1018, a removable or non-removable interface is typically used such as interface 1026.
It is to be appreciated that FIG. 10 describes software that acts as an intermediary between users and the basic computer resources described in the suitable operating environment 1000. Such software includes an operating system 1028. Operating system 1028, which can be stored on disk storage 1024, acts to control and allocate resources of the computer system 1012. System applications 1030 take advantage of the management of resources by operating system 1028 through program modules 1032 and program data 1034 stored either in system memory 1016 or on disk storage 1024. It is to be appreciated that the subject invention can be implemented with various operating systems or combinations of operating systems.
A user enters commands or information into the computer 1012 through input device(s) 1036. Input devices 1036 include, but are not limited to, a pointing device such as a mouse, trackball, stylus, touch pad, keyboard, microphone, joystick, game pad, satellite dish, scanner, TV tuner card, digital camera, digital video camera, web camera, and the like. These and other input devices connect to the processing unit 1014 through the system bus 1018 via interface port(s) 1038. Interface port(s) 1038 include, for example, a serial port, a parallel port, a game port, and a universal serial bus (USB). Output device(s) 1040 use some of the same type of ports as input device(s) 1036. Thus, for example, a USB port may be used to provide input to computer 1012, and to output information from computer 1012 to an output device 1040. Output adapter 1042 is provided to illustrate that there are some output devices 1040 like monitors, speakers, and printers, among other output devices 1040, which require special adapters. The output adapters 1042 include, by way of illustration and not limitation, video and sound cards that provide a means of connection between the output device 1040 and the system bus 1018. It should be noted that other devices and/or systems of devices provide both input and output capabilities such as remote computer(s) 1044.
Computer 1012 can operate in a networked environment using logical connections to one or more remote computers, such as remote computer(s) 1044. The remote computer(s) 1044 can be a personal computer, a server, a router, a network PC, a workstation, a microprocessor based appliance, a peer device or other common network node and the like, and typically includes many or all of the elements described relative to computer 1012. For purposes of brevity, only a memory storage device 1046 is illustrated with remote computer(s) 1044. Remote computer(s) 1044 is logically connected to computer 1012 through a network interface 1048 and then physically connected via communication connection 1050. Network interface 1048 encompasses wire and/or wireless communication networks such as local-area networks (LAN) and wide-area networks (WAN). LAN technologies include Fiber Distributed Data Interface (FDDI), Copper Distributed Data Interface (CDDI), Ethernet, Token Ring and the like. WAN technologies include, but are not limited to, point-to-point links, circuit switching networks like Integrated Services Digital Networks (ISDN) and variations thereon, packet switching networks, and Digital Subscriber Lines (DSL).
Communication connection(s) 1050 refers to the hardware/software employed to connect the network interface 1048 to the bus 1018. While communication connection 1050 is shown for illustrative clarity inside computer 1012, it can also be external to computer 1012. The hardware/software necessary for connection to the network interface 1048 includes, for exemplary purposes only, internal and external technologies such as, modems including regular telephone grade modems, cable modems and DSL modems, ISDN adapters, and Ethernet cards.
What has been described above includes examples of the subject invention. It is, of course, not possible to describe every conceivable combination of components or methodologies for purposes of describing the subject invention, but one of ordinary skill in the art may recognize that many further combinations and permutations of the subject invention are possible. Accordingly, the subject invention is intended to embrace all such alterations, modifications, and variations that fall within the spirit and scope of the appended claims.
In particular and in regard to the various functions performed by the above described components, devices, circuits, systems and the like, the terms (including a reference to a “means”) used to describe such components are intended to correspond, unless otherwise indicated, to any component which performs the specified function of the described component (e.g., a functional equivalent), even though not structurally equivalent to the disclosed structure, which performs the function in the herein illustrated exemplary aspects of the invention. In this regard, it will also be recognized that the invention includes a system as well as a computer-readable medium having computer-executable instructions for performing the acts and/or events of the various methods of the invention.
In addition, while a particular feature of the invention may have been disclosed with respect to only one of several implementations, such feature may be combined with one or more other features of the other implementations as may be desired and advantageous for any given or particular application. Furthermore, to the extent that the terms “includes,” and “including” and variants thereof are used in either the detailed description or the claims, these terms are intended to be inclusive in a manner similar to the term “comprising.”

Claims (20)

1. A system that facilitates employing security to a Radio Frequency Identification (RFID) network, comprising:
an RFID device that is associated with at least one RFID process;
a processor that executes the following computer executable components stored on a computer readable medium:
an interface that receives a role-based authorization model associated with an operating system, wherein the role-based authorization model defines a security hierarchy;
a security component that applies the role-based authorization model to an RFID network to define security permissions for the RFID network, wherein the security component comprises a first security layer that regulates processing of the RFID process and a second security layer that regulates use of the RFID device such that the RFID process and the RFID device are protected from threats and breaches, wherein the security component is configured to analyze possible threats and/or breaches to the security of the RFID network that could be introduced via the RFID process or the RFID device, wherein the possible threats and/or breaches relate to at least one of manipulation of the at least one associated RFID process and the utilization of the RFID device within the RFID network, the possible threats and/or breaches being determined before any actual threat or breach has occurred; and
a threat component that utilizes a track model analysis to dynamically determine RFID network vulnerabilities and threat conditions that the security component is configured to prevent, wherein the threat conditions are determined before the occurrence of an actual intrusion, and wherein the track model analysis provides a list of one or more vulnerabilities including the resources, entry points, trust levels, data flow diagrams, and determined ways of compromising the RFID network.
2. The system of claim 1, the RFID network includes at least one of an RFID reader; an RFID writer; an RFID printer; a printer; a reader; a writer; an RFID transmitter; an antenna; a sensor; a real time device; an RFID receiver; a real time sensor; a device extensible to a web service; or a real time event generation system.
3. The system of claim 1, the RFID network includes at least one of an outbound process; a manufacturing process; a shipping process; a receiving process; a tracking process; a data representation process; a data manipulation process; a security process; or a process utilizing one of an RFID device service, a device collection, a tag read, an event, an event queue, a tag write, a device configuration, or a number count.
4. The system of claim 1, the RFID network comprises a collection of devices that form a sub-system, which includes:
an RFID reader that receives an RFID signal; and
an RFID tag that transmits the RFID signal.
5. The system of claim 1, further comprising a role component that creates an RFID administrator and an RFID user group with respective permissions corresponding to permissions from the role-based authorization model.
6. The system of claim 5, the RFID administrator manipulates a process within the RFID network.
7. The system of claim 6, the manipulation of the process is at least one of an execution; a modification; a creation; a deletion; a deployment; or a termination.
8. The system of claim 5, the RFID administrator incorporates at least one of a user or a group from the role-based authorization model into the RFID user group to utilize the security hierarchy.
9. The system of claim 8, the RFID administrator dictates permission to at least one of the user or the group to manipulate a process within the RFID network, wherein the manipulation is at least one of a creation of the process, a modification of the process, or a deletion of the process.
10. The system of claim 9, at least one of the user or the group dictates permission to at least one of a disparate user or a disparate group to manipulate a process within the RFID network, wherein the manipulation is at least one of a creation of the process, a modification of the process, or a deletion of the process.
11. The system of claim 8, the RFID administrator dictates permission associated with a device within the RFID network to at least one of the user or the group.
12. The system of claim 1, further comprising a threat component that utilizes a track model analysis to determine a threat condition that the security component prevents.
13. The system of claim 1, further comprising at least one of an analyzer component that determines a characteristic of the role-based authorization model within the operating system to incorporate with the RFID network; or a manager component that manages at least one of a role or a permission associated with the RFID network.
14. The system of claim 1, further comprising at least one of an application programming interface (API) component that invokes an API to modify permissions associated with at least one of an RFID administrator or an RFID user group; or a notification component that alerts an administrator of at least one of a security breach or an attempted security breach, wherein the security breach is at least one of internal or external.
15. A method that facilitates employing security to a Radio Frequency Identification (RFID) network, comprising:
employing a processor to execute computer readable instructions stored in a computer readable medium to perform the following acts:
creating an RFID administrator and an RFID user group;
incorporating existing roles associated with an authorization model within an operating system into the RFID user group;
invoking a security component in the RFID network based upon the authorization model, wherein the security component comprises a first security layer that regulates processing of the RFID process and a second security layer that regulates use of the RFID device such that the RFID process and the RFID device are protected from threats and breaches, wherein the security component is configured to analyze possible threats and/or breaches to the security of the RFID network that could be introduced via the RFID process or the RFID device, wherein the possible threats and/or breaches relate to at least one of manipulation of the at least one associated RFID process and the utilization of the RFID device within the RFID network, the possible threats and/or breaches being determined before any actual threat or breach has occurred; and
invoking a threat component that utilizes a track model analysis to dynamically determine RFID network vulnerabilities and threat conditions that the security component is configured to prevent, wherein the threat conditions are determined before the occurrence of an actual intrusion, and wherein the track model analysis provides a list of one or more vulnerabilities including the resources, entry points, trust levels, data flow diagrams, and determined ways of compromising the RFID network.
16. The method of claim 15, further comprising:
receiving a threat condition;
utilizing a track model analysis to determine a threat condition to protect against;
assigning at least one permission to at least one of the RFID administrator or the RFID user group;
providing a notification of a breach; and
utilizing an API to manage the security of the RFID network.
17. A computer-implemented system that facilitates employing security to a Radio Frequency Identification (RFID) network, comprising:
an RFID device that is associated with at least one RFID process;
means for receiving a hierarchy of security related to an operating system;
means for incorporating the hierarchy of security into an RFID network, wherein a security component comprises a first security layer that regulates processing of the RFID process and a second security layer that regulates use of the RFID device such that the RFID process and the RFID device are protected from threats and breaches, wherein the security component is configured to analyze possible threats and/or breaches to the security of the RFID network that could be introduced via the RFID process or the RFID device, wherein the possible threats and/or breaches relate to at least one of manipulation of the at least one associated RFID process and the utilization of the RFID device within the RFID network, the possible threats and/or breaches being determined before any actual threat or breach has occurred; and
means for utilizing a track model analysis to dynamically determine RFID network vulnerabilities and threat conditions that the security component is configured to prevent, wherein the threat conditions are determined before the occurrence of an actual intrusion, and wherein the track model analysis provides a list of one or more vulnerabilities including the resources, entry points, trust levels, data flow diagrams, and determined ways of compromising the RFID network.
18. The system of claim 12, the track model analysis provides a security model that exposes vulnerabilities of the RFID network.
19. The method of claim 16, wherein the track model analysis dynamically identifies the threat condition.
20. The system of claim 5, wherein the RFID user group comprises both structured query language (SQL) users and SQL roles.
US11/141,533 2004-09-01 2005-05-31 Security techniques in the RFID framework Active 2027-12-26 US7944355B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US11/141,533 US7944355B2 (en) 2004-09-01 2005-05-31 Security techniques in the RFID framework

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US60628104P 2004-09-01 2004-09-01
US60657704P 2004-09-02 2004-09-02
US11/141,533 US7944355B2 (en) 2004-09-01 2005-05-31 Security techniques in the RFID framework

Publications (2)

Publication Number Publication Date
US20060055508A1 US20060055508A1 (en) 2006-03-16
US7944355B2 US7944355B2 (en) 2011-05-17

Family

ID=37992257

Family Applications (2)

Application Number Title Priority Date Filing Date
US11/140,726 Expired - Fee Related US7382260B2 (en) 2004-09-01 2005-05-31 Hot swap and plug-and-play for RFID devices
US11/141,533 Active 2027-12-26 US7944355B2 (en) 2004-09-01 2005-05-31 Security techniques in the RFID framework

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US11/140,726 Expired - Fee Related US7382260B2 (en) 2004-09-01 2005-05-31 Hot swap and plug-and-play for RFID devices

Country Status (2)

Country Link
US (2) US7382260B2 (en)
RU (7) RU2398268C2 (en)

US10225326B1 (en) 2015-03-23 2019-03-05 Amazon Technologies, Inc. Point of presence based data uploading
US9819567B1 (en) 2015-03-30 2017-11-14 Amazon Technologies, Inc. Traffic surge management for points of presence
US9887932B1 (en) 2015-03-30 2018-02-06 Amazon Technologies, Inc. Traffic surge management for points of presence
US9887931B1 (en) 2015-03-30 2018-02-06 Amazon Technologies, Inc. Traffic surge management for points of presence
US9832141B1 (en) 2015-05-13 2017-11-28 Amazon Technologies, Inc. Routing based request correlation
US10616179B1 (en) 2015-06-25 2020-04-07 Amazon Technologies, Inc. Selective routing of domain name system (DNS) requests
US10491479B2 (en) 2015-07-08 2019-11-26 Fedex Corporate Services, Inc. Systems, apparatus, and methods of time gap related monitoring for an event candidate related to an ID node within a wireless node network
US10097566B1 (en) 2015-07-31 2018-10-09 Amazon Technologies, Inc. Identifying targets of network attacks
US9774619B1 (en) 2015-09-24 2017-09-26 Amazon Technologies, Inc. Mitigating network attacks
US9742795B1 (en) 2015-09-24 2017-08-22 Amazon Technologies, Inc. Mitigating network attacks
US9794281B1 (en) 2015-09-24 2017-10-17 Amazon Technologies, Inc. Identifying sources of network attacks
RU2015144655A (en) 2015-10-16 2017-04-24 Кейденс Дизайн Системс, Инк. RESTRICTION RELIABILITY PROCESS PROCESS
US10270878B1 (en) 2015-11-10 2019-04-23 Amazon Technologies, Inc. Routing for origin-facing points of presence
US10049051B1 (en) 2015-12-11 2018-08-14 Amazon Technologies, Inc. Reserved cache space in content delivery networks
US10257307B1 (en) 2015-12-11 2019-04-09 Amazon Technologies, Inc. Reserved cache space in content delivery networks
US10348639B2 (en) 2015-12-18 2019-07-09 Amazon Technologies, Inc. Use of virtual endpoints to improve data transmission rates
US10958435B2 (en) 2015-12-21 2021-03-23 Electro Industries/ Gauge Tech Providing security in an intelligent electronic device
US10430263B2 (en) 2016-02-01 2019-10-01 Electro Industries/Gauge Tech Devices, systems and methods for validating and upgrading firmware in intelligent electronic devices
JP6957496B2 (en) 2016-03-23 2021-11-02 フェデックス コーポレイト サービシズ,インコーポレイティド Radio node-based methods for auto-tuning the broadcast settings of nodes in a radio node network, non-temporary computer-readable media containing instructions to perform that method, and auto-tuning broadcast node equipment in a radio node network.
US10075551B1 (en) 2016-06-06 2018-09-11 Amazon Technologies, Inc. Request management for hierarchical cache
US10110694B1 (en) 2016-06-29 2018-10-23 Amazon Technologies, Inc. Adaptive transfer rate for retrieving content from a server
US9992086B1 (en) 2016-08-23 2018-06-05 Amazon Technologies, Inc. External health checking of virtual private cloud network environments
US10033691B1 (en) 2016-08-24 2018-07-24 Amazon Technologies, Inc. Adaptive resolution of domain name requests in virtual private cloud network environments
US10269235B2 (en) 2016-08-26 2019-04-23 Trane International Inc. System and method to assist building automation system end user based on alarm parameters
US10616250B2 (en) 2016-10-05 2020-04-07 Amazon Technologies, Inc. Network addresses with encoded DNS-level information
US10372499B1 (en) 2016-12-27 2019-08-06 Amazon Technologies, Inc. Efficient region selection system for executing request-driven code
US10831549B1 (en) 2016-12-27 2020-11-10 Amazon Technologies, Inc. Multi-region request-driven code execution system
US10387625B2 (en) * 2017-01-26 2019-08-20 Dexin Electronic Ltd. Input device and computer system
US10938884B1 (en) 2017-01-30 2021-03-02 Amazon Technologies, Inc. Origin server cloaking using virtual private cloud network environments
US10503613B1 (en) 2017-04-21 2019-12-10 Amazon Technologies, Inc. Efficient serving of resources during server unavailability
US11075987B1 (en) 2017-06-12 2021-07-27 Amazon Technologies, Inc. Load estimating content delivery network
US10447648B2 (en) 2017-06-19 2019-10-15 Amazon Technologies, Inc. Assignment of a POP to a DNS resolver based on volume of communications over a link between client devices and the POP
US10918426B2 (en) 2017-07-04 2021-02-16 Conventus Orthopaedics, Inc. Apparatus and methods for treatment of a bone
US10742593B1 (en) 2017-09-25 2020-08-11 Amazon Technologies, Inc. Hybrid content request routing system
US11754997B2 (en) 2018-02-17 2023-09-12 Ei Electronics Llc Devices, systems and methods for predicting future consumption values of load(s) in power distribution systems
US11734704B2 (en) 2018-02-17 2023-08-22 Ei Electronics Llc Devices, systems and methods for the collection of meter data in a common, globally accessible, group of servers, to provide simpler configuration, collection, viewing, and analysis of the meter data
US11686594B2 (en) 2018-02-17 2023-06-27 Ei Electronics Llc Devices, systems and methods for a cloud-based meter management system
US10592578B1 (en) 2018-03-07 2020-03-17 Amazon Technologies, Inc. Predictive content push-enabled content delivery network
US10862852B1 (en) 2018-11-16 2020-12-08 Amazon Technologies, Inc. Resolution of domain name requests in heterogeneous network environments
US11025747B1 (en) 2018-12-12 2021-06-01 Amazon Technologies, Inc. Content request pattern-based routing system
US11863589B2 (en) 2019-06-07 2024-01-02 Ei Electronics Llc Enterprise security in meters
US11587026B2 (en) * 2019-06-28 2023-02-21 Allied Inventory Systems, Inc. RFID based inventory system and method

Citations (73)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4975865A (en) 1989-05-31 1990-12-04 Mitech Corporation Method and apparatus for real-time control
US5119470A (en) 1990-04-27 1992-06-02 Ibm Corporation Computer based inference engine device and method thereof for integrating backward chaining and forward chaining reasoning
US5644770A (en) 1990-09-28 1997-07-01 Texas Instruments Incorporated Coupling rules to an object-oriented program
US5650768A (en) 1996-03-04 1997-07-22 Eswaran; Kapali P. Baggage claiming method and apparatus
US5862325A (en) 1996-02-29 1999-01-19 Intermind Corporation Computer-based communication system and method using metadata defining a control structure
US5910776A (en) 1994-10-24 1999-06-08 Id Technologies, Inc. Method and apparatus for identifying locating or monitoring equipment or other objects
US5949335A (en) * 1998-04-14 1999-09-07 Sensormatic Electronics Corporation RFID tagging system for network assets
US6158010A (en) * 1998-10-28 2000-12-05 Crosslogix, Inc. System and method for maintaining security in a distributed computer network
US6304973B1 (en) * 1998-08-06 2001-10-16 Cryptek Secure Communications, Llc Multi-level security network system
US20020004787A1 (en) 2000-03-28 2002-01-10 Moshal David Clive Method for conducting an exchange over a network
US20020059471A1 (en) 2000-06-07 2002-05-16 Sanghvi Ashvinkumar J. Method and apparatus for handling policies in an enterprise
US6405261B1 (en) 1997-11-26 2002-06-11 International Business Machines Corporation Method and apparatus for an automatic multi-rate wireless/wired computer network
US20020070865A1 (en) 2000-09-29 2002-06-13 Lancos Kenneth J. System and method for creating a group of guests at a coverage area
US20020095454A1 (en) 1996-02-29 2002-07-18 Reed Drummond Shattuck Communications system
US20020143624A1 (en) 2001-03-31 2002-10-03 Koninklijke Philips Electronics N.V. Machine readable label for tokens and method of use
US20020170952A1 (en) 2001-04-04 2002-11-21 Koninklijke Philips Electronics N.V. Internet enabled resource constrained terminal for processing tags
US20030061062A1 (en) 2001-09-26 2003-03-27 Tucker Timothy J. XML data switch
US20030135576A1 (en) 2002-01-15 2003-07-17 Ibm Corporation Ad hoc data sharing in virtual team rooms
US20030144926A1 (en) 2002-01-31 2003-07-31 International Business Machines Corporation Inventory controls with radio frequency identification
US20030155413A1 (en) * 2001-07-18 2003-08-21 Rozsa Kovesdi System and method for authoring and providing information relevant to a physical world
US6618806B1 (en) * 1998-04-01 2003-09-09 Saflink Corporation System and method for authenticating users in a computer network
US6631363B1 (en) 1999-10-11 2003-10-07 I2 Technologies Us, Inc. Rules-based notification system
US20030225928A1 (en) 2002-05-28 2003-12-04 Sun Microsystems, Inc. Method, system, and program for managing access to a device by device specific components and operating system specific components
US20030227392A1 (en) 2002-01-11 2003-12-11 Ebert Peter S. Context-aware and real-time item tracking system architecture and scenarios
WO2003102845A2 (en) 2002-05-31 2003-12-11 Sap Aktiengesellschaft System and method for supply chain event management
US6677852B1 (en) 1999-09-22 2004-01-13 Intermec Ip Corp. System and method for automatically controlling or configuring a device, such as an RFID reader
US20040016796A1 (en) 1998-11-25 2004-01-29 Diebold, Incorporated Automated banking apparatus and method
US20040046642A1 (en) 2002-09-05 2004-03-11 Honeywell International Inc. Protocol for addressing groups of RFID tags
US20040070491A1 (en) 1998-07-23 2004-04-15 Universal Electronics Inc. System and method for setting up a universal remote control
US6732923B2 (en) 2001-04-04 2004-05-11 Ncr Corporation Radio frequency identification system and method
US20040102995A1 (en) 2002-11-19 2004-05-27 Prasad Boppana Method and system for modeling sales processes
US20040111335A1 (en) 2002-12-04 2004-06-10 Black Charles Ronald RFID space monitoring and asset inventory system
US20040133484A1 (en) 2003-01-08 2004-07-08 Kreiner Barrett M. Radio-frequency tags for sorting post-consumption items
US6784802B1 (en) 1999-11-04 2004-08-31 Nordx/Cdt, Inc. Real time monitoring of cable patch panel
US20040181461A1 (en) 2003-03-14 2004-09-16 Samir Raiyani Multi-modal sales applications
US20040193641A1 (en) 2002-01-11 2004-09-30 Tao Lin Providing selective access to tracking information
US20040215667A1 (en) 2003-04-22 2004-10-28 Taylor John Anthony Distributing membership information for multi-party application layer sessions
US20040217864A1 (en) 2003-02-21 2004-11-04 Nowak Brent M. Tagging and tracking system for assets and personnel of a commercial enterprise
US20040222298A1 (en) 2000-10-20 2004-11-11 Promega Corporation RF point of sale and delivery method and system using communication with remote computer and having features to read a large number of RF tags
US20040233040A1 (en) * 2002-11-23 2004-11-25 Kathleen Lane Secure personal RFID documents and method of use
US20040238635A1 (en) 2003-05-29 2004-12-02 Hitachi, Ltd. Terminal device, service providing server, and RF tag sheet
US20040245332A1 (en) 2003-04-07 2004-12-09 Kia Silverbrook Obtaining product item assistance
US20040250066A1 (en) 2003-05-22 2004-12-09 International Business Machines Corporation Smart card data transaction system and methods for providing high levels of storage and transmission security
US20050033619A1 (en) * 2001-07-10 2005-02-10 American Express Travel Related Services Company, Inc. Method and system for tracking user performance
US20050062603A1 (en) * 2003-08-06 2005-03-24 Oren Fuerst Secure, networked and wireless access, storage and retrival system and method utilizing tags and modular nodes
US6873260B2 (en) * 2000-09-29 2005-03-29 Kenneth J. Lancos System and method for selectively allowing the passage of a guest through a region within a coverage area
US20050068190A1 (en) 2003-09-30 2005-03-31 Robert Krause Personal retail tool and server system
US20050092825A1 (en) 2003-11-04 2005-05-05 Captech Ventures, Inc. System and method for RFID system integration
US20050108628A1 (en) 2003-11-18 2005-05-19 Roger Grambihler System and method for generating optimized binary representation of an object tree
US20050119984A1 (en) 2003-12-01 2005-06-02 Rouvellou Isabelle M. Methods and apparatus for business rules authoring and operation employing a customizable vocabulary
US6908034B2 (en) 2001-12-17 2005-06-21 Zih Corp. XML system
US20050138402A1 (en) * 2003-12-23 2005-06-23 Yoon Jeonghee M. Methods and apparatus for hierarchical system validation
US20050150952A1 (en) 2000-10-11 2005-07-14 Chung Kevin K. Article tracking method and system
WO2005078633A1 (en) 2004-02-06 2005-08-25 Zih Corp Rfid group selection method
US6943683B2 (en) 2002-01-21 2005-09-13 Hewlett-Packard Development Company, L.P. Location device
US20050237194A1 (en) 2004-04-26 2005-10-27 Microsoft Corporation Self-monitored active rack
US20060047789A1 (en) 2004-09-01 2006-03-02 Microsoft Corporation Rule-based filtering and alerting
EP1632893A2 (en) 2004-09-01 2006-03-08 Microsoft Corporation Device service provider interface
US20060116160A1 (en) 2004-11-30 2006-06-01 Symbol Technologies, Inc. Mobility device assistant
US20060195473A1 (en) 2005-02-28 2006-08-31 Tao Lin Dynamic component management
US7148803B2 (en) * 2003-10-24 2006-12-12 Symbol Technologies, Inc. Radio frequency identification (RFID) based sensor networks
US7155305B2 (en) 2003-11-04 2006-12-26 Universal Electronics Inc. System and methods for home appliance identification and control in a networked environment
US20070024463A1 (en) * 2005-07-26 2007-02-01 Rockwell Automation Technologies, Inc. RFID tag data affecting automation controller with internal database
US7204409B2 (en) 2004-09-01 2007-04-17 Microsoft Corporation Reader application markup language schema
US7257108B2 (en) * 2004-07-28 2007-08-14 Lenovo (Singapore) Pte. Ltd. Determining the physical location of resources on and proximate to a network
US20070243925A1 (en) 2006-04-13 2007-10-18 Igt Method and apparatus for integrating remotely-hosted and locally rendered content on a gaming device
US7290708B2 (en) 2002-07-31 2007-11-06 Sap Aktiengesellschaft Integration framework
US7327259B2 (en) * 2004-10-29 2008-02-05 Electronics And Telecommunications Research Institute Method and apparatus for managing online and offline documents with RFID technology
US7424744B1 (en) * 2002-03-05 2008-09-09 Mcafee, Inc. Signature based network intrusion detection system and method
US7426484B2 (en) 2003-02-04 2008-09-16 United Parcel Service Of America, Inc. Consolidated shipping and distribution of multiple orders with returns
US7640547B2 (en) * 2002-02-08 2009-12-29 Jpmorgan Chase & Co. System and method for allocating computing resources of a distributed computing system
US7640574B1 (en) * 2004-06-02 2009-12-29 Sun Microsystems, Inc. Method and system for resource based authentication
US7756969B1 (en) 2001-09-07 2010-07-13 Oracle America, Inc. Dynamic provisioning of identification services in a distributed system

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5113344A (en) * 1990-07-27 1992-05-12 Raymond Corporation Material handling vehicle identification tag
US5469363A (en) * 1994-05-19 1995-11-21 Saliga; Thomas V. Electronic tag with source certification capability
JP2002541602A (en) * 1999-04-07 2002-12-03 スイスコム モービル アーゲー Methods and systems for ordering, loading, and using admission tickets
RU2144221C1 (en) * 1999-06-29 2000-01-10 Государственное унитарное предприятие Государственный научно-исследовательский институт авиационных систем Method for monitoring of mobile objects
RU2199781C1 (en) * 2001-07-20 2003-02-27 Ямилев Ильгиз Амирович Method for branding commodity, or part, or structure for its identification (alternatives) and system for identifying commodity, of part, or structure branded by this method (alternatives)
WO2003048190A2 (en) * 2001-12-04 2003-06-12 The Curators Of The University Of Missouri Acyclovir-peptide analogs
JP2005279008A (en) * 2004-03-30 2005-10-13 Brother Ind Ltd Embroidery data preparing device, embroidery data preparing method, embroidery data preparation controlling program, and embroidering method

Patent Citations (77)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4975865A (en) 1989-05-31 1990-12-04 Mitech Corporation Method and apparatus for real-time control
US5119470A (en) 1990-04-27 1992-06-02 Ibm Corporation Computer based inference engine device and method thereof for integrating backward chaining and forward chaining reasoning
US5644770A (en) 1990-09-28 1997-07-01 Texas Instruments Incorporated Coupling rules to an object-oriented program
US5910776A (en) 1994-10-24 1999-06-08 Id Technologies, Inc. Method and apparatus for identifying locating or monitoring equipment or other objects
US5862325A (en) 1996-02-29 1999-01-19 Intermind Corporation Computer-based communication system and method using metadata defining a control structure
US6088717A (en) 1996-02-29 2000-07-11 Onename Corporation Computer-based communication system and method using metadata defining a control-structure
US20020095454A1 (en) 1996-02-29 2002-07-18 Reed Drummond Shattuck Communications system
US5650768A (en) 1996-03-04 1997-07-22 Eswaran; Kapali P. Baggage claiming method and apparatus
US6405261B1 (en) 1997-11-26 2002-06-11 International Business Machines Corporation Method and apparatus for an automatic multi-rate wireless/wired computer network
US6618806B1 (en) * 1998-04-01 2003-09-09 Saflink Corporation System and method for authenticating users in a computer network
US5949335A (en) * 1998-04-14 1999-09-07 Sensormatic Electronics Corporation RFID tagging system for network assets
US20040070491A1 (en) 1998-07-23 2004-04-15 Universal Electronics Inc. System and method for setting up a universal remote control
US6304973B1 (en) * 1998-08-06 2001-10-16 Cryptek Secure Communications, Llc Multi-level security network system
US6158010A (en) * 1998-10-28 2000-12-05 Crosslogix, Inc. System and method for maintaining security in a distributed computer network
US20040016796A1 (en) 1998-11-25 2004-01-29 Diebold, Incorporated Automated banking apparatus and method
US6677852B1 (en) 1999-09-22 2004-01-13 Intermec Ip Corp. System and method for automatically controlling or configuring a device, such as an RFID reader
US6631363B1 (en) 1999-10-11 2003-10-07 I2 Technologies Us, Inc. Rules-based notification system
US6784802B1 (en) 1999-11-04 2004-08-31 Nordx/Cdt, Inc. Real time monitoring of cable patch panel
US20020004787A1 (en) 2000-03-28 2002-01-10 Moshal David Clive Method for conducting an exchange over a network
US20020059471A1 (en) 2000-06-07 2002-05-16 Sanghvi Ashvinkumar J. Method and apparatus for handling policies in an enterprise
US20020070865A1 (en) 2000-09-29 2002-06-13 Lancos Kenneth J. System and method for creating a group of guests at a coverage area
US6873260B2 (en) * 2000-09-29 2005-03-29 Kenneth J. Lancos System and method for selectively allowing the passage of a guest through a region within a coverage area
US20050150952A1 (en) 2000-10-11 2005-07-14 Chung Kevin K. Article tracking method and system
US20040222298A1 (en) 2000-10-20 2004-11-11 Promega Corporation RF point of sale and delivery method and system using communication with remote computer and having features to read a large number of RF tags
US20020143624A1 (en) 2001-03-31 2002-10-03 Koninklijke Philips Electronics N.V. Machine readable label for tokens and method of use
US20020170952A1 (en) 2001-04-04 2002-11-21 Koninklijke Philips Electronics N.V. Internet enabled resource constrained terminal for processing tags
US6732923B2 (en) 2001-04-04 2004-05-11 Ncr Corporation Radio frequency identification system and method
US20050033619A1 (en) * 2001-07-10 2005-02-10 American Express Travel Related Services Company, Inc. Method and system for tracking user performance
US20030155413A1 (en) * 2001-07-18 2003-08-21 Rozsa Kovesdi System and method for authoring and providing information relevant to a physical world
US7756969B1 (en) 2001-09-07 2010-07-13 Oracle America, Inc. Dynamic provisioning of identification services in a distributed system
US20030061062A1 (en) 2001-09-26 2003-03-27 Tucker Timothy J. XML data switch
US6908034B2 (en) 2001-12-17 2005-06-21 Zih Corp. XML system
US20050150953A1 (en) 2001-12-17 2005-07-14 Alleshouse Bruce N. XML system
US20030227392A1 (en) 2002-01-11 2003-12-11 Ebert Peter S. Context-aware and real-time item tracking system architecture and scenarios
US20040193641A1 (en) 2002-01-11 2004-09-30 Tao Lin Providing selective access to tracking information
US20030135576A1 (en) 2002-01-15 2003-07-17 Ibm Corporation Ad hoc data sharing in virtual team rooms
US6943683B2 (en) 2002-01-21 2005-09-13 Hewlett-Packard Development Company, L.P. Location device
US20030144926A1 (en) 2002-01-31 2003-07-31 International Business Machines Corporation Inventory controls with radio frequency identification
US7640547B2 (en) * 2002-02-08 2009-12-29 Jpmorgan Chase & Co. System and method for allocating computing resources of a distributed computing system
US7424744B1 (en) * 2002-03-05 2008-09-09 Mcafee, Inc. Signature based network intrusion detection system and method
US20030225928A1 (en) 2002-05-28 2003-12-04 Sun Microsystems, Inc. Method, system, and program for managing access to a device by device specific components and operating system specific components
WO2003102845A2 (en) 2002-05-31 2003-12-11 Sap Aktiengesellschaft System and method for supply chain event management
US7290708B2 (en) 2002-07-31 2007-11-06 Sap Aktiengesellschaft Integration framework
US20040046642A1 (en) 2002-09-05 2004-03-11 Honeywell International Inc. Protocol for addressing groups of RFID tags
US20040102995A1 (en) 2002-11-19 2004-05-27 Prasad Boppana Method and system for modeling sales processes
US20040233040A1 (en) * 2002-11-23 2004-11-25 Kathleen Lane Secure personal RFID documents and method of use
US20040111335A1 (en) 2002-12-04 2004-06-10 Black Charles Ronald RFID space monitoring and asset inventory system
US20040133484A1 (en) 2003-01-08 2004-07-08 Kreiner Barrett M. Radio-frequency tags for sorting post-consumption items
US7426484B2 (en) 2003-02-04 2008-09-16 United Parcel Service Of America, Inc. Consolidated shipping and distribution of multiple orders with returns
US20040217864A1 (en) 2003-02-21 2004-11-04 Nowak Brent M. Tagging and tracking system for assets and personnel of a commercial enterprise
US20040181461A1 (en) 2003-03-14 2004-09-16 Samir Raiyani Multi-modal sales applications
US20040245332A1 (en) 2003-04-07 2004-12-09 Kia Silverbrook Obtaining product item assistance
US20040215667A1 (en) 2003-04-22 2004-10-28 Taylor John Anthony Distributing membership information for multi-party application layer sessions
US20040250066A1 (en) 2003-05-22 2004-12-09 International Business Machines Corporation Smart card data transaction system and methods for providing high levels of storage and transmission security
US20040238635A1 (en) 2003-05-29 2004-12-02 Hitachi, Ltd. Terminal device, service providing server, and RF tag sheet
US20050062603A1 (en) * 2003-08-06 2005-03-24 Oren Fuerst Secure, networked and wireless access, storage and retrival system and method utilizing tags and modular nodes
US20050068190A1 (en) 2003-09-30 2005-03-31 Robert Krause Personal retail tool and server system
US7148803B2 (en) * 2003-10-24 2006-12-12 Symbol Technologies, Inc. Radio frequency identification (RFID) based sensor networks
US7267275B2 (en) 2003-11-04 2007-09-11 Captech Ventures, Inc. System and method for RFID system integration
US7155305B2 (en) 2003-11-04 2006-12-26 Universal Electronics Inc. System and methods for home appliance identification and control in a networked environment
US20050092825A1 (en) 2003-11-04 2005-05-05 Captech Ventures, Inc. System and method for RFID system integration
US20050108628A1 (en) 2003-11-18 2005-05-19 Roger Grambihler System and method for generating optimized binary representation of an object tree
US20050119984A1 (en) 2003-12-01 2005-06-02 Rouvellou Isabelle M. Methods and apparatus for business rules authoring and operation employing a customizable vocabulary
US20050138402A1 (en) * 2003-12-23 2005-06-23 Yoon Jeonghee M. Methods and apparatus for hierarchical system validation
WO2005078633A1 (en) 2004-02-06 2005-08-25 Zih Corp Rfid group selection method
US20050237194A1 (en) 2004-04-26 2005-10-27 Microsoft Corporation Self-monitored active rack
US7640574B1 (en) * 2004-06-02 2009-12-29 Sun Microsystems, Inc. Method and system for resource based authentication
US7257108B2 (en) * 2004-07-28 2007-08-14 Lenovo (Singapore) Pte. Ltd. Determining the physical location of resources on and proximate to a network
US20060047789A1 (en) 2004-09-01 2006-03-02 Microsoft Corporation Rule-based filtering and alerting
US7204409B2 (en) 2004-09-01 2007-04-17 Microsoft Corporation Reader application markup language schema
US7533812B2 (en) 2004-09-01 2009-05-19 Microsoft Corporation Reader application markup language schema
EP1632893A2 (en) 2004-09-01 2006-03-08 Microsoft Corporation Device service provider interface
US7327259B2 (en) * 2004-10-29 2008-02-05 Electronics And Telecommunications Research Institute Method and apparatus for managing online and offline documents with RFID technology
US20060116160A1 (en) 2004-11-30 2006-06-01 Symbol Technologies, Inc. Mobility device assistant
US20060195473A1 (en) 2005-02-28 2006-08-31 Tao Lin Dynamic component management
US20070024463A1 (en) * 2005-07-26 2007-02-01 Rockwell Automation Technologies, Inc. RFID tag data affecting automation controller with internal database
US20070243925A1 (en) 2006-04-13 2007-10-18 Igt Method and apparatus for integrating remotely-hosted and locally rendered content on a gaming device

Non-Patent Citations (42)

* Cited by examiner, † Cited by third party
Title
ALIEN "ALR-9800 Enterprise RFID Reader" http://www.alientechnology.com/docs/AT-DS-9800-v3-WEB.pdf last viewed Nov. 17, 2005, 4 pages.
Anonymous: "The Sun Global RFID Network Vision: Connecting Businesses at the Edge of Network" Internet Article, Jul. 2004, http://www.sun.com/software/solutions/rfid/Sun-RFIS-Vision-rla.pdf.
Author Unknown, "Does Your Project Need a Rule Engine", Copyright 2008 Sys-Con Media, Downloaded Oct. 13, 2009 <http://java.sys-con.com/node/45082/print>.
Bornhovd et al., Integrating Smart Items With Business Processes An Experience Report, Jan. 3, 2005, pp. 1-8. *
Bornhovd, et al. "Integrating Smart Items with Business Processes An Experience Report" Proceedings of the Thirty-Eighth Hawaii International Conference on System Science (Jan. 3, 2005) 8 pages.
Branch, et al. "Sentire: A Framework for Building Middleware for Sensor and Actuator Networks" Proceedings of the Third International Conference on Pervasive Computing and Communications Workshops (Mar. 8, 2005) pp. 396-400.
Chen. "Understanding Java Card 2.0" URL:.com//javaworld/jw-03-1998/jw-03-javadev-p.html> last viewed Dec. 19, 2005, 12 pages.
European Search Report dated May 11, 2006, mailed May 12, 2006 for European Patent Application Serial No. EP05107744, 9 pages.
European Search Report dated Feb. 6, 2006, mailed Feb. 6, 2006 for European Patent Application Serial No. 05107826, 7 pages.
European Search Report dated Mar. 9, 2006 mailed Mar. 22, 2006 for European Patent Application Serial No. EP05107794, 7 Pages.
European Search Report dated Mar. 9, 2006, mailed Mar. 27, 2006 for European Patent Application Serial No. EP05107744, 7 pages.
European Search Report dated Oct. 2, 2006, mailed Feb. 10, 2006 for European Patent Application Serial No. 05107796, 6 pages.
European Search Report dated Oct. 4, 2006 and mailed Apr. 11, 2006 for EP 05108005, 9 pages.
European Search Report dated Feb. 7, 2006; mailed Feb. 7, 2006 for PCT Application Serial No. EP 05 10 8001; 7 pages.
Floerkemier, et al. "PML Core Specification 1.0" Sep. 13, 2003, Auto-ID Center, Version 1.0, 48 pages.
Ganesh, et al. "Web Services and Multi-Channel Integration: A Proposed Framework" Proceedings of the IEEE International Conference on Web Services (Jul. 6, 2004) 8 pages.
Harrison, et al. "Information Management in the Product Lifecycle-the Role Networked RFID" Proceedings of the Second IEE International Conference (Jun. 24, 2004) pp. 507-512.
IBM "alphaWorks: RFID Device Development Kit: Overview" http://www/alphaworks.ibm.com/tech/rfiddevice last viewed Nov. 7, 2005, 1 page.
International Search Report dated and mailed Jul. 27, 2007 for PCT Application Serial No. PCT 2007/004005, 6 pages.
Notice of Allowance dated Jan. 12, 2010 cited in U.S. Appl. No. 11/061,337.
Office Action dated Jul. 31, 2009 cited in U.S. Appl. No. 11/061,337.
Ortiz. "An Introduction to Java Card Technology-Part 1" http://developers.sun.com/techtopics/mobility/javacard/articles/javacard1/> last viewed Dec. 19, 2005, 14 pages.
QA Received Dec. 10, 2008 for Chinese Application Serial No. 200510091693.0, 10 Pages.
Tsetsos, et al. "Commercial Wireless Sensor Networks: Technical and Business Issues" Proceedings of the Second Annual Conference on Wireless On-Demand Network Systems and Services (Jan. 19-21, 2005) 8 pages.
U.S. Appl. No. 11/025,702, filed Dec. 29, 2004, Kumar, et al.
U.S. Appl. No. 11/025,702, filed Feb. 18, 2005, Kumar, et al.
U.S. Appl. No. 11/061,337, filed Feb. 18, 2005, Kumar, et al.
U.S. Appl. No. 11/061,337, filed Mar. 1, 2005, Kumar, et al.
U.S. Appl. No. 11/061,356, filed Feb. 18, 2005, Kumar, et al.
U.S. Appl. No. 11/061,356, filed May 31, 2005, Kumar, et al.
U.S. Appl. No. 11/061,356, mailed Nov. 17, 2010, Office Action.
U.S. Appl. No. 11/069,459, filed Feb. 18, 2005, Kumar, et al.
U.S. Appl. No. 11/069,459, filed Mar. 1, 2005, Kumar, et al.
U.S. Appl. No. 11/140,726, filed May 31, 2005, Agarwal, et al.
U.S. Appl. No. 11/140,726, filed May 31, 2005, Kumar, et al.
U.S. Appl. No. 11/141,533, filed May 31, 2005, Agarwal, et al.
U.S. Appl. No. 11/141,619, filed May 31, 2005, Kumar, et al.
U.S. Appl. No. 11/192,877, filed Aug. 11, 2010, Office Action.
U.S. Appl. No. 11/192,877, mailed Dec. 15, 2010, Office Action.
U.S. Appl. No. 60/606,281, filed Sep. 1, 2004, Kumar, et al.
U.S. Appl. No. 60/606,577, filed Sep. 2, 2004, Kumar, et al.

Cited By (41)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060143466A1 (en) * 1999-06-07 2006-06-29 Nokia Corporation Security Architecture
US8286221B2 (en) * 1999-06-07 2012-10-09 Nokia Corporation Security architecture
US8656467B1 (en) 1999-06-07 2014-02-18 Nokia Corporation Security architecture
US8650390B2 (en) 2000-09-13 2014-02-11 Fortinet, Inc. Tunnel interface for securing traffic over a network
US9264304B2 (en) 2012-06-20 2016-02-16 Reliance Jio Infocomm Usa, Inc. Method and procedure for dynamic services orchestration that runs within an on device software container
US11140230B2 (en) 2012-06-20 2021-10-05 Reliance Jio Infocomm Usa, Inc. Method and procedure for dynamic services orchestration that runs within an on-device software container
US10666745B2 (en) 2012-06-20 2020-05-26 Reliance Jio Infocomm Usa, Inc. Method and procedure for dynamic services orchestration that runs within an on-device software container
US9628572B2 (en) 2012-06-20 2017-04-18 Reliance Jio Infocomm Usa, Inc. Method and procedure for dynamic services orchestration that runs within an on-device software container
US9246935B2 (en) 2013-10-14 2016-01-26 Intuit Inc. Method and system for dynamic and comprehensive vulnerability management
US9516064B2 (en) 2013-10-14 2016-12-06 Intuit Inc. Method and system for dynamic and comprehensive vulnerability management
US9313281B1 (en) 2013-11-13 2016-04-12 Intuit Inc. Method and system for creating and dynamically deploying resource specific discovery agents for determining the state of a cloud computing environment
US9501345B1 (en) 2013-12-23 2016-11-22 Intuit Inc. Method and system for creating enriched log data
US9323926B2 (en) 2013-12-30 2016-04-26 Intuit Inc. Method and system for intrusion and extrusion detection
US10123360B2 (en) 2014-01-22 2018-11-06 Reliance Jio Infocomm Limited System and method for secure wireless communication
US9686301B2 (en) 2014-02-03 2017-06-20 Intuit Inc. Method and system for virtual asset assisted extrusion and intrusion detection and threat scoring in a cloud computing environment
US9923909B2 (en) 2014-02-03 2018-03-20 Intuit Inc. System and method for providing a self-monitoring, self-reporting, and self-repairing virtual asset configured for extrusion and intrusion detection and threat scoring in a cloud computing environment
US10360062B2 (en) 2014-02-03 2019-07-23 Intuit Inc. System and method for providing a self-monitoring, self-reporting, and self-repairing virtual asset configured for extrusion and intrusion detection and threat scoring in a cloud computing environment
US9325726B2 (en) 2014-02-03 2016-04-26 Intuit Inc. Method and system for virtual asset assisted extrusion and intrusion detection in a cloud computing environment
US11411984B2 (en) 2014-02-21 2022-08-09 Intuit Inc. Replacing a potentially threatening virtual asset
US10757133B2 (en) 2014-02-21 2020-08-25 Intuit Inc. Method and system for creating and deploying virtual assets
US9459987B2 (en) 2014-03-31 2016-10-04 Intuit Inc. Method and system for comparing different versions of a cloud based application in a production environment using segregated backend systems
US9245117B2 (en) 2014-03-31 2016-01-26 Intuit Inc. Method and system for comparing different versions of a cloud based application in a production environment using segregated backend systems
US9596251B2 (en) 2014-04-07 2017-03-14 Intuit Inc. Method and system for providing security aware applications
US9276945B2 (en) 2014-04-07 2016-03-01 Intuit Inc. Method and system for providing security aware applications
US11294700B2 (en) 2014-04-18 2022-04-05 Intuit Inc. Method and system for enabling self-monitoring virtual assets to correlate external events with characteristic patterns associated with the virtual assets
US10055247B2 (en) 2014-04-18 2018-08-21 Intuit Inc. Method and system for enabling self-monitoring virtual assets to correlate external events with characteristic patterns associated with the virtual assets
US9374389B2 (en) 2014-04-25 2016-06-21 Intuit Inc. Method and system for ensuring an application conforms with security and regulatory controls prior to deployment
US9900322B2 (en) 2014-04-30 2018-02-20 Intuit Inc. Method and system for providing permissions management
US9319415B2 (en) 2014-04-30 2016-04-19 Intuit Inc. Method and system for providing reference architecture pattern-based permissions management
US9742794B2 (en) 2014-05-27 2017-08-22 Intuit Inc. Method and apparatus for automating threat model generation and pattern identification
US9330263B2 (en) * 2014-05-27 2016-05-03 Intuit Inc. Method and apparatus for automating the building of threat models for the public cloud
US10050997B2 (en) 2014-06-30 2018-08-14 Intuit Inc. Method and system for secure delivery of information to computing environments
US9866581B2 (en) 2014-06-30 2018-01-09 Intuit Inc. Method and system for secure delivery of information to computing environments
US10102082B2 (en) 2014-07-31 2018-10-16 Intuit Inc. Method and system for providing automated self-healing virtual assets
US9473481B2 (en) 2014-07-31 2016-10-18 Intuit Inc. Method and system for providing a virtual asset perimeter
US9888044B2 (en) 2014-09-15 2018-02-06 Reliance Jio Infocomm Usa, Inc. Extending communication services to a consumption device using a proxy device
US10855729B2 (en) 2014-09-15 2020-12-01 Reliance Jio Infocomm Usa, Inc. Extending communication services to a consumption device using a proxy device
US10755160B2 (en) 2015-05-25 2020-08-25 Wewewe Gmbh Insertion body, assembly of insertion bodies and method for inserting an insertion body
US10531358B2 (en) 2015-07-30 2020-01-07 Reliance Jio Infocomm Usa, Inc. Method and system for routing IP based messaging, voice and video calling based on the network parameters the device is connected to and the location
US10819754B2 (en) 2015-07-30 2020-10-27 Reliance Jio Infocomm Usa, Inc. Method and system for routing IP based messaging, voice and video calling based on the network parameters the device is connected to and the location
US11431760B2 (en) 2015-07-30 2022-08-30 Reliance Jio Infocomm Usa, Inc. Method and system for routing IP based messaging, voice and video calling based on the network parameters the device is connected to and the location

Also Published As

Publication number Publication date
RU2005127417A (en) 2007-03-10
RU2455683C2 (en) 2012-07-10
RU2005127424A (en) 2007-03-10
RU2011118882A (en) 2012-11-20
US20060055508A1 (en) 2006-03-16
US7382260B2 (en) 2008-06-03
RU2005127421A (en) 2007-03-10
RU2421811C2 (en) 2011-06-20
US20060047787A1 (en) 2006-03-02
RU2402069C2 (en) 2010-10-20
RU2571611C2 (en) 2015-12-20
RU2005127418A (en) 2007-03-10
RU2005127420A (en) 2007-03-10
RU2398268C2 (en) 2010-08-27
RU2463650C2 (en) 2012-10-10
RU2005127416A (en) 2007-03-10

Legal Events

Date Code Title Description
AS Assignment

Owner name: MICROSOFT CORPORATION, WASHINGTON

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:KUMAR, ANUSH;SRIRAM, BALASUBRAMANIAN;AHMED, MOHAMED FAKRUDEEN ALI;AND OTHERS;SIGNING DATES FROM 20050524 TO 20050530;REEL/FRAME:016449/0700

Owner name: MICROSOFT CORPORATION, WASHINGTON

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:KUMAR, ANUSH;SRIRAM, BALASUBRAMANIAN;AHMED, MOHAMED FAKRUDEEN ALI;AND OTHERS;REEL/FRAME:016449/0700;SIGNING DATES FROM 20050524 TO 20050530

FEPP Fee payment procedure

Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

STCF Information on status: patent grant

Free format text: PATENTED CASE

FPAY Fee payment

Year of fee payment: 4

AS Assignment

Owner name: MICROSOFT TECHNOLOGY LICENSING, LLC, WASHINGTON

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:MICROSOFT CORPORATION;REEL/FRAME:034543/0001

Effective date: 20141014

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 8

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 12TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1553); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 12